[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: AD-style AUX classes

To: Michael Ströder <michael@stroeder.com>
Subject: Re: AD-style AUX classes
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 18 Jan 2008 09:16:11 +1100
Cc: openldap-technical <openldap-technical@openldap.org>
In-reply-to: <478F40E4.7020106@stroeder.com>
References: <1200551266.5772.137.camel@naomi> <478F40E4.7020106@stroeder.com>

On Thu, 2008-01-17 at 12:49 +0100, Michael StrÃder wrote:
> Andrew Bartlett wrote:
> > I'm not quite sure what I'm looking for here, sorry:
> 
> I'm not quite sure if I correctly understood what you're trying to do 
> because I don't have access to all relevant schema definitions.
> 
> > In using OpenLDAP, I'm hoping to avoid having to write that logic, so I
> > stopped adding extensibleObject to all our objectClass values, and
> > replaced it with samba4Top, contaning all the things that AD's top
> > contains, but OpenLDAPs does not.
> 
> Could you please post definition of 'samba4Top'?

I generate the schema from these 'AD format' LDIF files:

http://samba.org/~abartlet/ol-ad/schema.ldif

http://samba.org/~abartlet/ol-ad/schema_samba4.ldif

In schema_samba4 you will find samba4Top, which is a subset of
Microsoft's top, cut down until OpenLDAP would load it. 

> > So far so good, but AD has:
> > dn: CN=Domain-DNS,${SCHEMADN}
> > objectClass: top
> > objectClass: classSchema
> > subClassOf: domain
> > systemAuxiliaryClass: samDomain
> 
> This is the AD-specific schema entry which gets converted to a DIT 
> content rule in the LDAPv3-compliant subschema subentry. Yes?

Yeah, I convert the whole schema (via a munging program, skipping and
renaming a few things) into:

http://samba.org/~abartlet/ol-ad/backend-schema.schema

> > Looking at http://www.grotan.com/ldap/microsoft.ext.schema
> > 
> > I created entries in my schema file like:
> > 
> > dITContentRule (
> >   1.2.840.113556.1.5.67
> >   NAME 'domainDNS'
> >   AUX ( samDomain )
> >   )
> > 
> > dITContentRule (
> >   1.2.840.113556.1.5.3
> >   NAME 'samDomain'
> >   AUX ( samDomainBase )
> >   )
> > 
> > This created two problems:  It appears that you cannot create a
> > ditContentRule for a non-structural objectClass
> 
> Yes, see section 4.1.6. of RFC 4512. You should try not to violate this 
> because leads to interop problems with LDAPv3 compliant implementations. 
> (My web2ldap obeys DIT content rules governing STRUCTURAL object classes 
> when showing select lists for choosing object classes when modifying an 
> entry.)
> 
> > (samDomain is
> > AUXILIARY), and even if I do, I can't tack on the samba4Top on the end,
> > because of:
> 
> How are 'domainDNS' and 'samDomain' defined? Is 'domainDNS' STRUCTURAL?

Yes, domainDNS is structural, but samDomain and samDomainBase are
auxillary. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: AD-style AUX classes
  - From: Michael StrÃder <michael@stroeder.com>

References:
- AD-style AUX classes
  - From: Andrew Bartlett <abartlet@samba.org>
- Re: AD-style AUX classes
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Coverity Report for Openldap library
Next by Date: Re: AD-style AUX classes
Index(es):
- Chronological
- Thread