RE: [ActiveDir] how can i add the value of the SchemIDGUID when Icreate a schemd object?

Sat, 31 May 2003 04:16:19 -0700

Title: Message
Good explanation Dave.  Couple additional comments...
 
The double colons :: in LDIF means that the value to the right is base64 encoded.
 
The dash - after schemaUpdateNow is needed when you modify an entry in LDIF (not necessary for adding or deleting).  It allows you to modify multiple attributes at once if you want (separated by dashes).
 
You need to set the schemaIDGUID when you create the object.
 
Don't you love LDIF!  :-)  I actually kinda like it, but I may just be used to it.  Check out the LDIF RFC 2849 for more details.
 
Robbie Allen
http://www.rallenhome.com/ (under construction)
-----Original Message-----
From: Fugleberg, David A [mailto:[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 10:46 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] how can i add the value of the SchemIDGUID when I create a schemd object?

zhaohu -
 
Here's an example:
------------------------------------------------
dn: cn=nwa-test-attribute,cn=schema,cn=configuration,ddddd
changetype: add
objectClass: attributeSchema
cn: nwa-test-attribute
attributeID: 1.3.6.1.4.1.11802.2.1.1.1
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
lDAPDisplayName: nwaTestAttribute
description: attribute added for test - please ignore
rangeLower: 1
rangeUpper: 10
schemaIDGUID:: DPzmI4k/WUqX0IqM1HQiJA==
 

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
-------------------------------------------------------------
 
I put everything between the lines above into a LDIF file called test.ldf
I then invoked the following command line (replacing the yourdomain portion with the real domain name, of course):
 
ldifde -i -f test.ldf -c ddddd dc=yourdomain,dc=com -v
 
You should get an attribute with a schemaIDGUID value of {23E6FC0C-3F89-4A59-97D0-8A8CD4742224}.
 
A couple of notes- the extra colon after schemaIDGUID and the dash (-) afterthe schemaUpdateNow element seem to be important - don't ask me why.
 
Of course, for real extensions you can place several attribute and class definitions in the same LDIF file and do them all at once.  Just remember to put the schemaUpdateNow section after anything that's required by other parts of the file.  For example, I recently did one with two new attributes, and a new auxiliary class that was connected to the User class.  The LDIF file had the add attribute sections, an update, the add class section, another update, a modify section to add the auxiliary class to the user class, and then a final update.
 
Hope that helps.
Dave
-----Original Message-----
From: zhaohu [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 7:46 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] how can i add the value of the SchemIDGUID when I create a schemd object?

yeah, i wanna specify a value for schemaIDGUID in order to create extended rights for some objects, and i get the Base64-encoded format value by the utility uuidgen.exe.
then  how do you extend the schema using LDIF files? could you show me an example, because i had failed to do that, so i have to program it by C++ , thanks very much~
----- Original Message -----
Sent: Friday, May 30, 2003 3:43 AM
Subject: RE: [ActiveDir] how can i add the value of the SchemIDGUID when I create a schemd object?

I'm not the expert either, but I do have some experience with this.  Normally, like Rick said, GUIDs are simply assigned by the system upon object creation.  SchemaIDGUID is kind of a special case, though - it's the GUID of the classSchema or attributeSchema object itself.  If you ever want to define some extended rights that apply to instances of your new class or attribute, you'll need to know the SchemaIDGUID of the classSchema or attributeSchema object in the forest.
 
Let's say you write a program that extends the schema, and it does NOT specify the schemaIDGUID.  The system will generate one for you when the program is run.  If you run it again in a different forest, those objects will have a different value of schemaIDGUID in that forest.  On the other hand, if your program DOES specify a value for schemaIDGUID, then it will have that value in every forest where your extension is installed.  That way, you can document what it should be, and can programatically create extended rights for those objects in any of those forests.
 
The value must be in the Base64-encoded format.  There are a couple of ways to generate a value to use:
1. Install the extension on a test forest WITHOUT specifying the schemaIDGUID, copy the value that gets automatically generated, and put in it your program for future use on other forests
 
OR
 
2. Use the utility uuidgen.exe and convert the output (format XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX) to Base64.
 
I have done this successfully using LDIF files to extend the schema, but have not tried it programmatically, although I see no reason why it would not work the same.
 
Robbie, Gil, if I've misrepresented something here please correct me !
 
Dave
 
 -----Original Message-----
From: zhaohu [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 28, 2003 7:50 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] how can i add the value of the SchemIDGUID when I create a schemd object?

Today i think that maybe the SchemaIDGUID can only accept Base64, so i replaced the {BCE8B3C4-9A94-4C34-8E76-AA4A682CBA2C} with Base64 xLPovJSaNEyOdqpKaCy6LA== , but the program still failed:(
Maybe Rick Kingslan is right, i can't assign a GUID to an object when i create the object, then what about modifying the Value of SchemaIDGUID after i create the object? i will test it after i send this mail:) 
      
----- Original Message -----
Sent: Wednesday, May 28, 2003 8:46 PM
Subject: RE: [ActiveDir] how can i add the value of the SchemIDGUID when I create a schemd object?

I am FAR from the expert on this subject, but I do know a thing or two.  (Gil, where are you when we need you???  ;-)  )
 
The one thing that I see is that you're trying to force a GUID.  I don't think that you can do this.  You can't assign a GUID to an object - it's assigned when created.  You're assigning an OID, which is good - as long as it is unique and created via, say OIDGEN. 
 
Everything else looks fine.  This probably explains why the program runs without the statement in question, but won't when you have it in.  It's not supposed to be there.
 
Anyone else know schema manipulation with C++?  ;-)
 

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
 



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of zhaohu
Sent: Wednesday, May 28, 2003 2:29 AM
To: [EMAIL PROTECTED]

this is some code in my program, i create the schema object it:
 
----------------------------------------------------------------
hr = piSchema->Create( L"classSchema", L"CN=TestClass", &piDisp );
   .
   .
   .    
    hr = piDisp->QueryInterface( IID_IADs, ( void** )&piIADsClass );
    if( SUCCEEDED( hr ) )
    {
     hr = piIADsClass->Put( L"objectClass", _variant_t( L"classSchema" ) );
     hr = piIADsClass->Put( L"lDAPDisplayName", _variant_t( L"TestClass" ) );
     hr = piIADsClass->Put( L"governsID", _variant_t( L"1.3.6.1.4.1.1593.4.2.1.1.2.43" ) );
     hr = piIADsClass->Put( L"subClassOf", _variant_t( L"top" ) );
     hr = piIADsClass->Put( L"possSuperiors",_variant_t( L"organizationalUnit") );
     hr = piIADsClass->Put( L"schemaIDGUID",_variant_t(L"{BCE8B3C4-9A94-4C34-8E76-AA4A682CBA2C}"));
     hr = piIADsClass->PutEx(ADS_PROPERTY_APPEND, L"mayContain", varNames3);
     
     .
     .
     .
----------------------------------------------------------------------
 
but it failed when i run the program, then if i comment or delete  " hr = piIADsClass->Put( L"schemaIDGUID",_variant_t(L"{BCE8B3C4-9A94-4C34-8E76-AA4A682CBA2C}"));"  it runs well, who could tell me what is the matter with my promgram, thanks very very much:)

Reply via email to