On 06/12/2011 16:24, masarati@aero.polimi.it wrote:
This is the intended behavior. Slapd needs attributes to be defined in the schema in order to accept them in filters (because it needs to be able to check the validity of the filter with respect to the attribute, the value and the matching rule.
[snip]
For this reason, if one knows a proxy needs to be used in some specific form, its schema must be defined accordingly.
Ok, understood, thanks for the explanation.
My next problem therefore is to obtain a usable schema for the AD. I've extracted the schema directly from our AD and cleaned it up so that OpenLDAP is (almost) happy, but it doesn't support some of the syntaxes. The documentation suggests I can't easily add the required syntaxes to OpenLDAP either.
So for now I've worked around the issue by performing a search as soon as the meta LDAP server has started.
Just wondering though if anyone out there has created a suitable MS schema that OpenLDAP is happy to use?