masarati@aero.polimi.it wrote:
Den 24.08.2010 16:35, skrev masarati@aero.polimi.it:
Define those objectclasses in slapd's schema, that's the wisest thing to do. I'd note that in recent releases the filter is passed thru as is even when unknown. Unfortunately, you don't state what version you're using.
Sorry about that. I'm using the current in Debian - 2.4.11.
And for the schemas, see what I wrote in my previous post on the mailing list - I basically have no way of getting hold of the schema declarations.
As soon as the AD you're proxying knows about them, you can extract the schema from it. See the documentation of AD, I don't remember how it stores the schema (I'm afraid it does not work as illustrated in RFC4512, 4.4).
Off course MS AD has a subschema subentry which can be located and read as with any other LDAPv3 compliant server.
In W2K there were some incompabilities regarding values for SYNTAX not being OIDs.
My web2ldap can be used to access AD and extract the few schema descriptions needed from the subschema subentry. You can do a (wild-card) search for OIDs and NAMEs.
Ciao, Michael.