On Fri, 2008-01-18 at 12:05 +0100, Michael Ströder wrote:
> Michael Ströder wrote:
> > Andrew Bartlett wrote:
> >
> >> http://samba.org/~abartlet/ol-ad/backend-schema.schema
> >
> > I cannot load this schema file in my build of OpenLDAP HEAD.
>
> It seems that this is a monolithic schema file also containing standard
> attribute type declarations normally already defined within OpenLDAP's
> schema files. Are you planning to do it that way when deploying Samba 4
> with OpenLDAP? I understand that there might be subtle differences
> between AD's schema declaration and how things are defined in RFCs.
>
> But such a redefinition of standard schema elements would be problematic
> because OpenLDAP internally has hard-coded schema elements you cannot
> change by configuration. (These are just left as comments within the
> schema config files shipped with OpenLDAP.) And you don't know which
> schema elements will be transferred from schema files to the C code in
> the future.

Indeed I do not! I find this to be a right royal pain, and as such
maintain a file (attached) that is the crude input to the conversion
program, setting out the mappings that must occur.

Trying to determine where AD diverges from the schema OpenLDAP uses is
not a task I've yet taken on.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
#Standard OpenLDAP attributes
labeledURI
createTimeStamp
objectClass
userPassword
seeAlso
uid
subSchemaSubEntry
structuralObjectClass
distinguishedName
description
cn
top
memberOf
#This shouldn't make it to the ldap server
sambaPassword
#These conflict with OpenLDAP builtins
attributeTypes:samba4AttributeTypes
2.5.21.5:1.3.6.1.4.1.7165.4.255.7
dITContentRules:samba4DITContentRules
2.5.21.2:1.3.6.1.4.1.7165.4.255.6
objectClasses:samba4ObjectClasses
2.5.21.6:1.3.6.1.4.1.7165.4.255.5
subSchema:samba4SubSchema
2.5.20.1:1.3.6.1.4.1.7165.4.255.4
#'name' is the RDN in AD, but something else in OpenLDAP
name:samba4RDN
#Remap these so that we don't put operational attributes in a schema MAY
modifyTimeStamp:samba4ModifyTimestamp
2.5.18.2:1.3.6.1.4.1.7165.4.255.3
#MiddleName has a conflicting OID
2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1
#defaultGroup has a conflicting OID
1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.255.2
#This large integer format is unimplemented in OpenLDAP 2.3
1.2.840.113556.1.4.906:1.3.6.1.4.1.1466.115.121.1.27
#This case insensitive string isn't available
1.2.840.113556.1.4.905:1.3.6.1.4.1.1466.115.121.1.44
#This type of DN isn't in OpenLDAP
1.2.840.113556.1.4.903:1.3.6.1.4.1.1466.115.121.1.12
#Treat Security Descriptors as binary
1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40
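An added example, not part of the original message and not Samba's conversion program: a sketch of how a mapping file in the format above could be applied to schema definitions. It assumes a bare line names a definition to drop and an `old:new` line is a name or OID rewrite; `parse_mapping`, `convert` and the sample schema lines are hypothetical.

```python
import re
# Constructed excerpt of the mapping file attached to the message above.
MAPPING = """\
#Standard OpenLDAP attributes
cn
#'name' is the RDN in AD, but something else in OpenLDAP
name:samba4RDN
#MiddleName has a conflicting OID
2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1
#Treat Security Descriptors as binary
1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40
"""
# Constructed schema lines; OIDs 1.2.3.4 and ...4.9070 are made up.
SCHEMA = [
    "attributetype ( 2.5.4.3 NAME 'cn' SUP name )",
    "attributetype ( 2.16.840.1.113730.3.1.34 NAME 'middleName' )",
    "attributetype ( 1.2.840.113556.1.4.9070 NAME 'exampleSD' "
    "SYNTAX 1.2.840.113556.1.4.907 )",
    "objectclass ( 1.2.3.4 NAME 'exampleClass' MAY ( name $ cn ) )",
]
KEYWORDS = {"NAME", "DESC", "SUP", "MUST", "MAY", "SYNTAX"}  # never remapped
TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9.;-]*")  # whole names and OIDs
NAME = re.compile(r"NAME\s+'([^']+)'")

def parse_mapping(text):
    """Bare lines are definitions to drop; 'old:new' lines are rewrites."""
    skip, remap = set(), {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        old, sep, new = line.partition(":")
        if sep:
            remap[old.strip().lower()] = new.strip()
        else:
            skip.add(line.lower())
    return skip, remap

def convert(definitions, skip, remap):
    """Drop skipped definitions, then rewrite names and OIDs token by token."""
    def swap(m):
        tok = m.group(0)
        return tok if tok in KEYWORDS else remap.get(tok.lower(), tok)
    out = []
    for d in definitions:
        named = NAME.search(d)
        if named and named.group(1).lower() in skip:
            continue
        out.append(TOKEN.sub(swap, d))
    return out
```

Matching whole tokens keeps the `NAME` keyword from being caught by the `name:samba4RDN` rule and keeps an OID from being rewritten when it is only a prefix of a longer one.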