On Thu, 2008-01-17 at 12:49 +0100, Michael Ströder wrote:
Andrew Bartlett wrote:
I'm not quite sure what I'm looking for here, sorry:
I'm not quite sure if I correctly understood what you're trying to do because I don't have access to all relevant schema definitions.
In using OpenLDAP, I'm hoping to avoid having to write that logic, so I stopped adding extensibleObject to all our objectClass values, and replaced it with samba4Top, containing all the things that AD's top contains, but OpenLDAP's does not.
Could you please post definition of 'samba4Top'?
I generate the schema from these 'AD format' LDIF files:
http://samba.org/~abartlet/ol-ad/schema.ldif
http://samba.org/~abartlet/ol-ad/schema_samba4.ldif
In schema_samba4 you will find samba4Top, which is a subset of Microsoft's top, cut down until OpenLDAP would load it.
So far so good, but AD has:

    dn: CN=Domain-DNS,${SCHEMADN}
    objectClass: top
    objectClass: classSchema
    subClassOf: domain
    systemAuxiliaryClass: samDomain

This is the AD-specific schema entry which gets converted to a DIT content rule in the LDAPv3-compliant subschema subentry. Yes?
Yeah, I convert the whole schema (via a munging program, skipping and renaming a few things) into:
http://samba.org/~abartlet/ol-ad/backend-schema.schema
Looking at http://www.grotan.com/ldap/microsoft.ext.schema
I created entries in my schema file like:
dITContentRule ( 1.2.840.113556.1.5.67 NAME 'domainDNS' AUX ( samDomain ) )
dITContentRule ( 1.2.840.113556.1.5.3 NAME 'samDomain' AUX ( samDomainBase ) )
This created two problems: It appears that you cannot create a ditContentRule for a non-structural objectClass
Yes, see section 4.1.6. of RFC 4512. You should try not to violate this because it leads to interop problems with LDAPv3-compliant implementations. (My web2ldap obeys DIT content rules governing STRUCTURAL object classes when showing select lists for choosing object classes when modifying an entry.)
(samDomain is AUXILIARY), and even if I do, I can't tack on the samba4Top on the end, because of:
How are 'domainDNS' and 'samDomain' defined? Is 'domainDNS' STRUCTURAL?
Yes, domainDNS is structural, but samDomain and samDomainBase are auxiliary.
Andrew Bartlett
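
Added example, not part of the original thread and not Samba's converter: one possible way to satisfy RFC 4512 section 4.1.6 is to emit a dITContentRule only for STRUCTURAL classes and fold the auxiliary-of-auxiliary chain (samDomain -> samDomainBase) into the structural class's AUX list. The sample entries are constructed from the names and OIDs quoted above; the function names and the flattening approach are assumptions.

```python
STRUCTURAL = "1"  # AD objectClassCategory: 1 = structural, 3 = auxiliary

# Constructed AD-format schema entries, reduced to the fields used here.
# samDomainBase's governsID is omitted: it is not needed for the rule.
SAMPLE_LDIF = """\
dn: CN=Domain-DNS,${SCHEMADN}
lDAPDisplayName: domainDNS
governsID: 1.2.840.113556.1.5.67
objectClassCategory: 1
systemAuxiliaryClass: samDomain

dn: CN=Sam-Domain,${SCHEMADN}
lDAPDisplayName: samDomain
governsID: 1.2.840.113556.1.5.3
objectClassCategory: 3
systemAuxiliaryClass: samDomainBase

dn: CN=Sam-Domain-Base,${SCHEMADN}
lDAPDisplayName: samDomainBase
objectClassCategory: 3
"""

def parse_entries(ldif):
    """Parse blank-line separated records into {attribute: [values]} dicts."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def content_rules(ldif):
    """Return dITContentRule lines, one per structural class with auxiliaries."""
    classes = {e["lDAPDisplayName"][0]: e for e in parse_entries(ldif)}

    def aux_closure(name, seen):
        entry = classes.get(name, {})
        direct = entry.get("systemAuxiliaryClass", []) + entry.get("auxiliaryClass", [])
        for aux in direct:
            if aux not in seen:          # guards against cycles and duplicates
                seen.append(aux)
                aux_closure(aux, seen)   # auxiliaries attached to an auxiliary
        return seen

    rules = []
    for name, entry in classes.items():
        aux = aux_closure(name, [])
        if entry.get("objectClassCategory") == [STRUCTURAL] and aux:
            rules.append("dITContentRule ( %s NAME '%s' AUX ( %s ) )"
                         % (entry["governsID"][0], name, " $ ".join(aux)))
    return rules
```

No rule is produced for samDomain itself, which is the case the server rejected in the thread.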