On Wed, 2007-11-28 at 09:13 +1100, Andrew Bartlett wrote:
On Tue, 2007-11-27 at 07:23 -0800, Howard Chu wrote:
> Christian Marg wrote:
> > Hello,
> >
> > Andrew Bartlett wrote:
> > [...]
> >> Linked attributes include member/memberOf, master/masteredBy and many
> >> others. They are defined in the AD schema, and as far as I know, are
> >> strictly updated as a pair (they are not flattened memberOf listings,
> >> for example).
> > [...]
> >
> > Isn't that what slapo-refint(5) does? Maybe it needs some fine
> > adjustment, but from the manpage it sounds promising...
>
> The slapo-memberOf overlay is probably more useful here, as Ando already
> pointed out. But yes, we can take care of linked attributes, no problem.

Looking at the configuration, it seems this can only currently be
configured once - i.e., for memberOf. Am I missing how to configure it to
also handle an arbitrary number of other attributes? Ideally I would
process the AD schema into a configuration file with these details.

To start with this module I've decided to just deal with memberOf.
However, I can't get the module to start, because while it allows
configuration of different schema in theory, it relies on the default
schema to exist in practice:

[abartlet@naomi source]$ /usr/local/sbin/slaptest -f /home/data/samba/samba4/clean/source/st/dc/private/ldap/slapd.conf
back-bdb/back-hdb monitor: "olmBDBAttributes" previously defined "1.3.6.1.4.1.4203.666.1.55.0.1.1"
back-bdb/back-hdb monitor: "olmBDBObjectClasses" previously defined "1.3.6.1.4.1.4203.666.3.16.0.1.1"
memberof_db_init: unable to find objectClass="groupOfNames"
slaptest: bad configuration file!

The problem is that groupOfNames doesn't exist in the AD-like schema I'm
loading. This is with current CVS OpenLDAP.

Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team
http://samba.org
Samba Developer, Red Hat Inc.
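
Added example, not part of the original message and not OpenLDAP or Samba code: a pre-flight check that reports which objectClasses the memberof overlay would look up but the loaded schema does not define, modelling the behaviour reported above (the default groupOfNames is looked up at init even when another group class is configured). The sample schema, its OIDs and the config text are constructed; memberof-group-oc is the directive documented in slapo-memberof(5).

```python
import re

# Default group objectClass named in the slaptest error quoted in the message.
DEFAULT_GROUP_OC = "groupOfNames"

# Constructed sample: AD-like schema in slapd.conf syntax that defines
# "group" but not "groupOfNames". The OIDs are placeholders.
SAMPLE_SCHEMA = """\
attributetype ( 1.1.1.1 NAME 'member' SUP distinguishedName )
objectclass ( 1.1.2.1 NAME 'group' SUP top STRUCTURAL
    MAY ( member $ description ) )
objectclass ( 1.1.2.2 NAME ( 'user' 'adUser' ) SUP top STRUCTURAL )
"""

# Constructed sample: overlay configuration pointing at the AD-like class.
SAMPLE_CONF = """\
overlay memberof
memberof-group-oc group
"""

OC_DEF = re.compile(
    r"(?im)^objectclass\s*\(\s*[\w.\-]+\s+NAME\s+(\([^)]*\)|'[^']*')")


def defined_objectclasses(schema_text):
    """Return the lowercased names of every objectclass in schema_text."""
    names = set()
    for m in OC_DEF.finditer(schema_text):
        # NAME is either one quoted name or a parenthesised list of them.
        names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(1)))
    return names


def configured_group_oc(conf_text):
    """Return the memberof-group-oc value, or None when it is not set."""
    m = re.search(r"(?im)^\s*memberof-group-oc\s+(\S+)", conf_text)
    return m.group(1) if m else None


def preflight(conf_text, schema_text):
    """List objectClasses the overlay needs that the schema lacks."""
    defined = defined_objectclasses(schema_text)
    wanted = [DEFAULT_GROUP_OC]  # assumption: always resolved at init
    override = configured_group_oc(conf_text)
    if override and override.lower() != DEFAULT_GROUP_OC.lower():
        wanted.append(override)
    return [oc for oc in wanted if oc.lower() not in defined]


if __name__ == "__main__":
    print("missing objectClasses:", preflight(SAMPLE_CONF, SAMPLE_SCHEMA))
```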