[PATCH] Add external-schema directory

Rowland Penny rpenny at samba.org
Mon Apr 30 06:58:06 UTC 2018


On Mon, 30 Apr 2018 08:43:43 +0300
Alexander Bokovoy via samba-technical <samba-technical at lists.samba.org>
wrote:

> Hi,
> 
> On Mon, 30 Apr 2018, William Brown via samba-technical wrote:
> > Hi,
> > 
> > There are a small number of useful external schemas that we should
> > provide. Instead of letting admins pull these from the internet

Why not, Windows does.

Rowland

>, we
> > should ship some useful schema that we know is correct and able to
> > extend the directory for broader unix application use.
> How would you propose installing them? The patch doesn't address this
> part other than the README document, so how would they be installed?
> You'd need to add a bit of bld.INSTALL_WILDCARD() to the
> source4/setup/wscript_build
> 
> Perhaps, DC=.. parts need to be changed to be consistent with
> schema_samba4.ldif which uses ${SCHEMADN}.
> 
> Also, it may be good to provide a 'samba-tool' subcommand that plugs
> into some of the code in python/samba/provision.
> 
> For schemaIDGUID it would be good to add a comment above the attribute
> definition that has the GUID in a readable form.
> 
> > 
> > The two schemas in this patch are for ssh public key storage in
> > LDAP, and nsUniqueId compatibility for migrations from SUN-DS/389
> > Directory Server applications.
> > 
> > Thanks,
> > 
> > William
> 
> > From e5f71309b6c2aaf4cc395cd86de1161a83e59167 Mon Sep 17 00:00:00
> > 2001 From: William Brown <william at blackhats.net.au>
> > Date: Mon, 30 Apr 2018 15:23:14 +1200
> > Subject: [PATCH] source4/setup/external-schema: Add ns compat and
> > sshpubkey
> > 
> > Add externally provided schema files that can be applied to a
> > domain. This prevents admins needing to apply "random ldifs" from
> > the internet. The two external schemas are for ssh public key
> > storage in LDAP, and the second is a 389 Directory Server
> > compatibility attribute for UUID mapping.
> > 
> > Signed-off-by: William Brown <william at blackhats.net.au>
> > ---
> >  source4/setup/external-schema/README         |  6 ++++++
> >  source4/setup/external-schema/README.txt     | 11 +++++++++++
> >  source4/setup/external-schema/ns.ldif        | 29
> > ++++++++++++++++++++++++++++
> > source4/setup/external-schema/sshpubkey.ldif | 29
> > ++++++++++++++++++++++++++++ 4 files changed, 75 insertions(+)
> > create mode 100644 source4/setup/external-schema/README create mode
> > 100644 source4/setup/external-schema/README.txt create mode 100644
> > source4/setup/external-schema/ns.ldif create mode 100644
> > source4/setup/external-schema/sshpubkey.ldif
> > 
> > diff --git a/source4/setup/external-schema/README
> > b/source4/setup/external-schema/README new file mode 100644
> > index 00000000000..a8416b94792
> > --- /dev/null
> > +++ b/source4/setup/external-schema/README
> > @@ -0,0 +1,6 @@
> > +This is a set of external LDIF schemas that are useful - but not
> > installed +by default.
> > +
> > +They exist so that rather than applying random internet LDIF's we
> > can guide +people to use these instead.
> > +
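Review bot: this README repeats, word for word, the opening of the README.txt added in the same commit, and on its own it gives no instructions for applying the files. Keep a single file (README.txt is the superset) and drop the other so the two copies cannot drift apart.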
> > diff --git a/source4/setup/external-schema/README.txt
> > b/source4/setup/external-schema/README.txt new file mode 100644
> > index 00000000000..844246d4dab
> > --- /dev/null
> > +++ b/source4/setup/external-schema/README.txt
> > @@ -0,0 +1,11 @@
> > +This is a set of external LDIF schemas that are useful - but not
> > installed +by default.
> > +
> > +They exist so that rather than applying random internet LDIF's we
> > can guide +people to use these instead.
> > +
> > +To apply these, you need to copy them and replace 'DC=X' with your
> > domain DN. +
> > +They can then be applied with ldapmodify -f <name>.ldif. You will
> > need to +authenticate with an account that is a member of Schema
> > Admins. +
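Review bot: the instruction to replace 'DC=X' does not match the shipped files, because neither ns.ldif nor sshpubkey.ldif contains 'DC=X'; they hard-code DC=blackhats,DC=net,DC=au and DC=adt,DC=blackhats,DC=net,DC=au. Either put the documented placeholder into the LDIF files or describe the substitution that is actually required; a template variable such as the ${SCHEMADN} used by schema_samba4.ldif would remove the manual edit altogether. It would also help to spell out the full ldapmodify invocation (server and bind options) expected for a Schema Admins account rather than only -f <name>.ldif.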
> > diff --git a/source4/setup/external-schema/ns.ldif
> > b/source4/setup/external-schema/ns.ldif new file mode 100644
> > index 00000000000..caeb584d206
> > --- /dev/null
> > +++ b/source4/setup/external-schema/ns.ldif
> > @@ -0,0 +1,29 @@
> > +
> > +dn:
> > CN=nsUniqueId,CN=Schema,CN=Configuration,DC=blackhats,DC=net,DC=au
> > +changetype: add +objectClass: top
> > +objectClass: attributeSchema
> > +attributeID: 2.16.840.1.113730.3.1.542
> > +cn: nsUniqueId
> > +name: nsUniqueId
> > +lDAPDisplayName: nsUniqueId
> > +description: MANDATORY: nsUniqueId compatability
> > +attributeSyntax: 2.5.5.10
> > +oMSyntax: 4
> > +isSingleValued: TRUE
> > +searchFlags: 9
> > +
> > +dn:
> > CN=nsOrgPerson,CN=Schema,CN=Configuration,DC=blackhats,DC=net,DC=au
> > +changetype: add +objectClass: top
> > +objectClass: classSchema
> > +governsID: 2.16.840.1.113730.3.2.334
> > +cn: nsOrgPerson
> > +name: nsOrgPerson
> > +description: MANDATORY: Netscape DS compat person
> > +lDAPDisplayName: nsOrgPerson
> > +subClassOf: top
> > +objectClassCategory: 3
> > +defaultObjectCategory:
> > CN=nsOrgPerson,CN=Schema,CN=Configuration,DC=blackhats,DC=net,DC=au
> > +mayContain: nsUniqueId +
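Review bot: neither nsUniqueId nor nsOrgPerson sets a schemaIDGUID here, while both entries in sshpubkey.ldif do. Add fixed schemaIDGUID values so that every domain applying this file ends up with the same identifiers, and add a comment explaining what searchFlags: 9 on nsUniqueId is meant to enable. Smaller points: the hunk starts with an empty added line, and both description values spell "compatability".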
> > diff --git a/source4/setup/external-schema/sshpubkey.ldif
> > b/source4/setup/external-schema/sshpubkey.ldif new file mode 100644
> > index 00000000000..439feda8e1a
> > --- /dev/null
> > +++ b/source4/setup/external-schema/sshpubkey.ldif
> > @@ -0,0 +1,29 @@
> > +dn:
> > CN=sshPublicKey,CN=Schema,CN=Configuration,DC=adt,DC=blackhats,DC=net,DC=au
> > +changetype: add +objectClass: top
> > +objectClass: attributeSchema
> > +attributeID: 1.3.6.1.4.1.24552.500.1.1.1.13
> > +schemaIDGUID:: fHCvUrxcsUSrYRq8nUvw5Q==
> > +cn: sshPublicKey
> > +name: sshPublicKey
> > +lDAPDisplayName: sshPublicKey
> > +description: MANDATORY: OpenSSH Public key
> > +attributeSyntax: 2.5.5.10
> > +oMSyntax: 4
> > +isSingleValued: FALSE
> > +
> > +dn:
> > CN=ldapPublicKey,CN=Schema,CN=Configuration,DC=adt,DC=blackhats,DC=net,DC=au
> > +changetype: add +objectClass: top
> > +objectClass: classSchema
> > +governsID: 1.3.6.1.4.1.24552.500.1.1.2.0
> > +schemaIDGUID:: yfKd3707f0qnSxgXE9qYeA==
> > +cn: ldapPublicKey
> > +name: ldapPublicKey
> > +description: MANDATORY: OpenSSH LPK objectclass
> > +lDAPDisplayName: ldapPublicKey
> > +subClassOf: top
> > +objectClassCategory: 3
> > +defaultObjectCategory:
> > CN=ldapPublicKey,CN=Schema,CN=Configuration,DC=adt,DC=blackhats,DC=net,DC=au
> > +mayContain: sshPublicKey +
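Review bot: the DNs and defaultObjectCategory in this file use the suffix DC=adt,DC=blackhats,DC=net,DC=au, which differs from the DC=blackhats,DC=net,DC=au used in ns.ldif, so a single search-and-replace cannot prepare both files. Use one placeholder in both. A comment line giving the readable form of each base64 schemaIDGUID would let a reader check the value without decoding it, and sshPublicKey sets no searchFlags while nsUniqueId sets 9; if that difference is intended, say so in a comment.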
> > -- 
> > 2.14.3
> > 
> 
> 
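The review suggestions quoted above (use ${SCHEMADN} instead of a hard-coded domain, and show each schemaIDGUID in readable form) can be applied mechanically. The following is an added example, not part of the patch or of Samba; the function names are hypothetical and the sample LDIF is constructed from the values in sshpubkey.ldif.

```python
import base64
import re
import uuid

# Constructed sample: two entries shaped like the patch's sshpubkey.ldif,
# the first with its DN folded onto a continuation line (leading space).
SAMPLE_LDIF = """\
dn: CN=sshPublicKey,CN=Schema,CN=Configuration,DC=adt,DC=blackhats,
 DC=net,DC=au
changetype: add
objectClass: attributeSchema
schemaIDGUID:: fHCvUrxcsUSrYRq8nUvw5Q==
cn: sshPublicKey

dn: CN=ldapPublicKey,CN=Schema,CN=Configuration,DC=adt,DC=blackhats,DC=net,DC=au
changetype: add
objectClass: classSchema
schemaIDGUID:: yfKd3707f0qnSxgXE9qYeA==
defaultObjectCategory: CN=ldapPublicKey,CN=Schema,CN=Configuration,DC=adt,DC=blackhats,DC=net,DC=au
"""

# Matches a schema naming context with any hard-coded domain suffix.
SCHEMA_SUFFIX = re.compile(r"CN=Schema,CN=Configuration(,DC=[^,\s]+)+", re.I)


def readable_guid(b64_value):
    """Decode a base64 schemaIDGUID into the usual GUID string form."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) != 16:
        raise ValueError("schemaIDGUID must decode to 16 bytes")
    # AD stores GUIDs with the first three fields little-endian.
    return str(uuid.UUID(bytes_le=raw))


def normalise_schema_ldif(text):
    """Unfold lines, template the schema DN, annotate each schemaIDGUID."""
    unfolded = re.sub(r"\r?\n ", "", text)  # undo RFC 2849 line folding
    out = []
    for line in unfolded.splitlines():
        if line.lower().startswith("schemaidguid:: "):
            guid = readable_guid(line.split(":: ", 1)[1])
            out.append("# schemaIDGUID: " + guid)
        out.append(SCHEMA_SUFFIX.sub("${SCHEMADN}", line))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(normalise_schema_ldif(SAMPLE_LDIF), end="")
```
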