[Fedora-directory-devel] Samba4 onto Fedora DS

Andrew Bartlett abartlet at samba.org
Tue Aug 22 22:15:48 UTC 2006


On Tue, 2006-08-22 at 16:06 -0600, Richard Megginson wrote:
> Andrew Bartlett wrote:
> > On Tue, 2006-08-22 at 10:03 -0700, Pete Rowley wrote:
> >   
> >> Kimmo Koivisto wrote:
> >>
> >>     
> >>> Andrew Bartlett wrote:
> >>> [snip]
> >>>  
> >>>
> >>>       
> >>>> Anyway, this is the error I get with the attached schema:
> >>>>
> >>>> [abartlet at piglett source]$ sudo /opt/fedora-ds/slapd-piglett/start-slapd
> >>>> Password:
> >>>> [22/Aug/2006:21:03:47 +1000] dse - The entry cn=schema in
> >>>> file /opt/fedora-ds/slapd-piglett/config/schema/01samba4.ldif is
> >>>> invalid, error code 20 (Type or value exists) - attribute type
> >>>> streetAddress: Does not match the OID "1.2.840.113556.1.2.256". Another
> >>>> attribute type is already using the name or OID.
> >>>> [22/Aug/2006:21:03:47 +1000] dse - Please edit the file to correct the
> >>>> reported problems and then restart the server.
> >>>>
> >>>> I can find no other reference (in the schema ldif files) to
> >>>> streetAddress, or that OID.
> >>>>
> >>>>    
> >>>>
> >>>>         
> >>> See 00core.ldif:
> >>> attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetaddress' ) DESC 'Standard 
> >>> LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 
> >>> 2256' )
> >>>
> >>> Maybe this is what you want to remove?
> >>>  
> >>>
> >>>       
> >> It would be bad form to remove a standard attribute and replace it with 
> >> one of the same name  but different OID.  It would be better to use the 
> >> standard attribute.
> >>     
> >
> > What would go wrong if I did that?
> >   
> The server might not start, apps might break.

Do apps read the OID?  I thought they just query by name. (The syntax is
identical in this case).  

I'm trying to pick a line between 'bad form' (doing anything with
Microsoft 'LDAP' could easily be considered 'bad form') and 'fatal'.
My long term hope is to have more mappings, so that the backend can use
more and more standard schema, but this is a long way off yet.  

For the moment, if I get the Samba4 provision to load, and Samba4 as the
only client to operate, then I'll be a very happy man.

> > When I started with OpenLDAP, I initially tried to load standard schema,
> > then Microsoft's modifications, but very quickly got into a mess:
> > Because I wanted a reproducible solution, I didn't want to edit these
> > schema files, but they declared objectClasses that I had to override.  
> >
> > So I ended up just using the converted AD schema.
> >
> > Would it be possible to split the 00core.ldif into 'attributes required
> > for the operation of the directory' and 'core ldap standards'?
> Yes.  Something like internally used attributes vs. externally used 
> attributes?

That's what I'm looking for.

> > What
> > will happen if I fail to load the 'attributes required for operation of
> > the directory'?
> >   
> Things may break.  It's hard to tell without specific attributes or 
> objectclass names or OIDs.

I was kind of hoping someone might be able to give me that list, so I
can split the 00core.ldif.  Once I know that list, I can place them into
my excludes file, and not have the AD schema replace them.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
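
The startup error quoted in this message arises because attribute names are compared case-insensitively, so `streetAddress` in 01samba4.ldif clashes with `streetaddress` in 00core.ldif under a different OID. The following Python script is an added example, not code from the thread, Fedora DS or Samba: it lists such name clashes between two schema LDIF files so they can be reviewed before the server is restarted. The Samba4 sample entries are constructed from the error message, and `exampleOnlyAttr` with its OID is a made-up placeholder.

```python
import re

# Constructed sample input. The 00core.ldif definition is the one quoted in the
# thread; the Samba4 entries are assumptions built from the error message.
CORE_LDIF = """dn: cn=schema
attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetaddress' ) DESC 'Standard
  LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC
  2256' )
"""
SAMBA4_LDIF = """dn: cn=schema
attributeTypes: ( 1.2.840.113556.1.2.256 NAME 'streetAddress'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( 1.3.6.1.4.1.99999.1 NAME 'exampleOnlyAttr'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

# OID, then either a single quoted NAME or a parenthesised list of quoted names.
ATTR_RE = re.compile(
    r"^attributeTypes:\s*\(\s*(?P<oid>[\w.\-]+)\s+NAME\s+"
    r"(?:'(?P<one>[^']+)'|\(\s*(?P<many>[^)]*)\))", re.I)

def parse_attribute_types(ldif_text):
    """Return {lowercased name: (oid, name as written)} for each attributeTypes value."""
    # LDIF folding: a line starting with one space continues the previous line.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    names = {}
    for line in unfolded.splitlines():
        m = ATTR_RE.match(line)
        if not m:
            continue
        if m.group("one"):
            found = [m.group("one")]
        else:
            found = re.findall(r"'([^']+)'", m.group("many"))
        for name in found:
            names[name.lower()] = (m.group("oid"), name)
    return names

def find_conflicts(base_ldif, new_ldif):
    """List (name, new OID, base OID) for names defined in both files with different OIDs."""
    base, new = parse_attribute_types(base_ldif), parse_attribute_types(new_ldif)
    return sorted((new[k][1], new[k][0], base[k][0])
                  for k in base.keys() & new.keys() if base[k][0] != new[k][0])

if __name__ == "__main__":
    for name, new_oid, base_oid in find_conflicts(CORE_LDIF, SAMBA4_LDIF):
        print(f"{name}: {new_oid} conflicts with existing OID {base_oid}")
```

The script checks name reuse only; the server's message also covers the reverse case of one OID reused under a different name.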