[Fedora-directory-users] Samba schema not loading in FDS...

Thu Mar 2 02:12:30 UTC 2006

Jim Hogan wrote:

> Halloo!
>
> I am attempting to migrate an existing OpenLDAP directory to FDS 
> 1.01.  I had extended the OL setup with samba.schema and had imported 
> a bunch of existing Samba data with scripts.  This is all on Fedora 
> Core 3.  I was motivated to migrate by 1) the console apps and 2) 
> better ACI mgmt; I figured both of these might better support a better 
> self-service directory model where people can edit some of their own 
> details.
>
> I have FDS running and just got console running.  I found the script 
> to convert samba.schema to FDS LDIF format and that seemed to work a 
> treat.  However, on startup, FDS seems to completely ignore my 
> "61samba.ldif".  Worse, it seems not to notice any errors.  What this 
> measn is that I am not able to import any users (and other elements) 
> from my OL directory as they have various samba* attributes.

This is what I did:
cd /opt/fedora-ds/slapd-localhost/config/schema
perl ~/ol2rhds.pl < /usr/share/doc/samba-3.0.14a/LDAP/samba.schema > 
61samba.ldif
# http://www.directory.fedora.redhat.com/download/ol2rhds.pl
../../restart-slapd
ldapsearch -x -h localhost -p myport -s base -b "cn=schema" 
"objectclass=*" | grep -i samba

I see lots of output like the following:
....
objectClasses: ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC 
'Samba
 Configuration Option' SUP top STRUCTURAL MUST sambaOptionName X-ORIGIN 
'user
objectClasses: ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaAccountPolicy' DESC 
'Samba
  Account Policy' SUP top STRUCTURAL MUST ( sambaAccountPolicyName $ 
sambaAcco
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' 
DESC
 'Base at which the samba RID generation algorithm should operate' 
EQUALITY in
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT 
Group
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 
'Logon H
....

>
> The rest of the XXname.ldif schema files seem to be processing just 
> fine.  I have audited some of the last to load 50ns-web, 50ns-calendar 
> and 60pam-plugin, and all of their attributes appear in the listing I 
> can find via the console (or phpLDAPadmin).
>
> I saw nothing in the slapd-servername/logs/* so I increased error 
> loglevel to 192 and then to some ridiculous combined value from the 
> debug table in the FAQ.  I never see any reference to problems 
> processing "61samba" -- the only errors I can generate with "samba" in 
> them are when I attempt to add users "has unknown object class 
> 'sambaSamAccount'", for example.    I changed 61samba.ldif to 
> 21samba.ldif to see if this problem was order-dependent.  No change.  
> For grins, I added a junk ldif called 59nonsense.ldif and I couldn't 
> get *that* to generate any lines in the "errors" log file or anywhere 
> that I can tell.  "service ldap restart" just seems to go on its merry 
> way.  It is like the ancillary LDIF list doesn't exist or something.
>
> So, for fun I *copied* one of the LDIF schema files to 
> "59nonsense.ldif" and figured I would see log complaints about 
> duplicate attributes, but *nothing*. and nothing in debug log.  slapd 
> restarts without a hitch.
>
> Anyhow, FDS looks great and I am sure it will be a lot of fun, but at 
> the moment, I think I am missing some *big*, dope-slap-worthy item -- 
> some big, red switch that says "COMMIT" that I need to flip!
>
> Thoughts?  Thanks.
>
> Jim
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060301/0e70e6e2/attachment.bin>