On Fri, 2008-01-18 at 11:41 +0100, Michael Ströder wrote:
Andrew Bartlett wrote:
I generate the schema from these 'AD format' LDIF files:
Is this directly dumped from AD without any mangling?
Other than cutting it down (it is a partial schema, based on what we need at the moment), this is based on what AD presents.
Is this what you will load in the LDAP server acting as backend? It looks somewhat tweaked to Samba's need.
But without further processing this would not load since naming attribute 'cn' is missing in the entry:
This loads in Samba4, not into OpenLDAP, and our module chain fixed it up.

dn: cn=privilege,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: privilege
isSingleValued: FALSE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
adminDisplayName: Privilege
attributeID: 1.3.6.1.4.1.7165.4.1.7
attributeSyntax: 2.5.5.4
oMSyntax: 20

Obviously you have some pre-processing before adding this to OpenLDAP. But do you also add the naming attribute 'cn'?
I cannot load this schema file in my build of OpenLDAP HEAD. slapd won't start (but unfortunately without an error message). Are you sure that every object class referenced by a DIT content rule is really there?
Indeed, this does not load, and that is my issue!
I've updated this one to almost load (needed to exclude memberOf, which is provided by OpenLDAP's memberOf module), with this error:

/home/data/samba/git/samba/source/st/dc/private/ldap/backend-schema.schema: line 4292 dITContentRule: Content Rule not for STRUCTURAL object class: "1.2.840.113556.1.5.3"
slaptest: bad configuration file!

The problem is that indeed, this dITContentRule is for an AUXILIARY class. The other problems occur after I eliminate that rule.
Andrew Bartlett
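
An added example, not part of the original thread or of Samba's code: a small Python pre-check for the failure discussed above, meant to be run over a schema file in slapd.conf syntax before handing it to slaptest. It reports every dITContentRule whose OID belongs to a non-STRUCTURAL object class or to no object class at all. The sample schema is constructed (only the OID 1.2.840.113556.1.5.3 comes from the quoted error), and the parser assumes numeric OIDs and continuation lines that start with whitespace.

```python
import re

# Constructed sample in slapd.conf schema syntax, not the real Samba4 output.
# Only the OID 1.2.840.113556.1.5.3 is taken from the error quoted in the thread;
# the class names and the 1.3.6.1.4.1.32473 (documentation arc) OIDs are made up.
SAMPLE = """
objectclass ( 1.3.6.1.4.1.32473.1.1 NAME 'exampleStruct'
    SUP top STRUCTURAL MUST cn )
objectclass ( 1.2.840.113556.1.5.3 NAME 'exampleAux'
    SUP top AUXILIARY MAY description )
objectclass ( 1.3.6.1.4.1.32473.1.2 NAME 'exampleDefaultKind' SUP top MUST cn )
dITContentRule ( 1.3.6.1.4.1.32473.1.2 NAME 'exampleDefaultKind' MAY description )
dITContentRule ( 1.2.840.113556.1.5.3 NAME 'exampleAux' MAY cn )
dITContentRule ( 1.3.6.1.4.1.32473.1.9 NAME 'orphan' MAY cn )
"""

# A definition starts at column 0 and runs until the next non-indented line.
DEF = re.compile(r"^(objectclass|ditcontentrule)\s*\(\s*([\d.]+)(.*?)(?=^\S|\Z)",
                 re.I | re.M | re.S)
KIND = re.compile(r"\b(STRUCTURAL|AUXILIARY|ABSTRACT)\b", re.I)

def check_content_rules(text):
    """Return [(line, oid, problem)] for content rules that would be rejected."""
    kinds, rules = {}, []
    for m in DEF.finditer(text):
        keyword, oid, body = m.group(1).lower(), m.group(2), m.group(3)
        line = text.count("\n", 0, m.start()) + 1
        if keyword == "objectclass":
            # Drop quoted NAME/DESC strings so their words are not read as a kind.
            kind = KIND.search(re.sub(r"'[^']*'", "", body))
            # RFC 4512: an object class with no kind keyword is STRUCTURAL.
            kinds[oid] = kind.group(1).upper() if kind else "STRUCTURAL"
        else:
            rules.append((line, oid))
    findings = []
    for line, oid in rules:
        kind = kinds.get(oid)
        if kind is None:
            findings.append((line, oid, "no object class with this OID"))
        elif kind != "STRUCTURAL":
            findings.append((line, oid, f"rule is for {kind} class"))
    return findings

if __name__ == "__main__":
    for line, oid, problem in check_content_rules(SAMPLE):
        print(f"line {line}: dITContentRule {oid}: {problem}")
```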