Andrew Bartlett wrote:
> I generate the schema from these 'AD format' LDIF files:
Is this directly dumped from AD without any mangling?
Is this what you will load in the LDAP server acting as backend? It looks somewhat tweaked to Samba's needs.
But without further processing this would not load since naming attribute 'cn' is missing in the entry:
dn: cn=privilege,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: privilege
isSingleValued: FALSE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
adminDisplayName: Privilege
attributeID: 1.3.6.1.4.1.7165.4.1.7
attributeSyntax: 2.5.5.4
oMSyntax: 20
Obviously you have some pre-processing before adding this to OpenLDAP. But do you also add the naming attribute 'cn'?
I cannot load this schema file in my build of OpenLDAP HEAD. slapd won't start (but unfortunately without an error message). Are you sure that every object class referenced by a DIT content rule is really there?
Ciao, Michael.
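
The check raised in the message above (the attribute used in an entry's RDN must also appear in the entry), as an added example that is not part of the original mail or of Samba's or OpenLDAP's code. The function names and the second sample entry are constructed, the first entry is abridged from the message, and values are compared case-insensitively as an assumption that suits 'cn'.

```python
import re

# Constructed sample: the entry from the message (abridged), followed by a
# constructed entry that does carry its naming attribute.
SAMPLE_LDIF = """\
dn: cn=privilege,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: privilege
attributeID: 1.3.6.1.4.1.7165.4.1.7

dn: cn=example-attr,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
cn: example-attr
lDAPDisplayName: exampleAttr
"""

def parse_entries(text):
    """Split simple LDIF (no base64 values, no changetype) into (dn, attrs)."""
    unfolded = re.sub(r"\r?\n ", "", text)  # undo RFC 2849 line folding
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.lower(), []).append(value.strip())
        if dn:
            entries.append((dn, attrs))
    return entries

def first_rdn(dn):
    """Return [(attr, value)] for the leftmost RDN, including '+' multi-valued RDNs."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    return [tuple(p.strip() for p in ava.split("=", 1)) for ava in rdn.split("+")]

def missing_naming_attrs(text):
    """List (dn, attr, value) where the RDN value is absent from the entry."""
    problems = []
    for dn, attrs in parse_entries(text):
        for attr, value in first_rdn(dn):
            present = [v.lower() for v in attrs.get(attr.lower(), [])]
            if value.lower() not in present:
                problems.append((dn, attr, value))
    return problems
```

Running missing_naming_attrs() over a schema LDIF before handing it to the server lists every entry that would be rejected for this reason.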