On Sat, 2008-12-20 at 10:37 +0530, Sreepathi Pai wrote: > On Sat, Dec 20, 2008 at 3:23 AM, Richard Guthrie <[email protected]> > wrote: > > Sreepathi, > > > > Thank you for the additional issues. I am not able to find the attribute > > you mention ms-DS-Password-Container. Which file are you looking at? Any > > help > understanding this issue would be appreciated. > > Apologies, that's ms-DS-Password-Settings-Container, not > ms-DS-Password-Container. This is the the > MS-AD_Schema_Classes_v20080618.txt file (and fixed in classes.patch). > Currently it has the CN ms-DS-Password-Settings which is missing the > "-Container" part (there is another CN ms-DS-Password-Settings).
I'm finding a pile more issues, once I run with the OpenLDAP backend (which does more cross-checking). So far these seem to be missing: globalAddressList2 addressBookRoots2 (this one has the wrong OID in the docs I've got, but correct on the website) templateRoots2 msDS-BridgeHeadServersUsed (this also has incorrect constants - searchFlags are missing the FLAG_ prefix) I think we are taking the wrong tack here. Clearly this file was hand-generated. But on the flip side, the PDFs are also hand-generated - but with one less level of human error. If we can get a correct set of PDFs (assuming we can find PDFs with addressBookRoots2 and msDS-BridgeHeadServersUsed fixed) then perhaps we really should just process them with the extract_from_pdf script? Surely there is a canonical master for the schema, in some format or other. Could this possibly just be published under the same licence? Even a 'blessed' ldapsearch against a Windows 2008 server would do wonders. This is really what I'm after - I don't mind running or asking Sreepathi to write scripts, but this manual process seems a bit of a waste. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
commit cddb653c405830c15880ac2b3ad870baaaaf0ed9 Author: Andrew Bartlett <[email protected]> Date: Sat Dec 20 16:40:20 2008 +1100 Even more corrections to Microsoft's schema diff --git a/source4/setup/ad-schema/MS-AD_Schema_Attributes_v20080618.txt b/source4/setup/ad-schema/MS-AD_Schema_Attributes_v20080618.txt index 743e1d0..ab4f399 100644 --- a/source4/setup/ad-schema/MS-AD_Schema_Attributes_v20080618.txt +++ b/source4/setup/ad-schema/MS-AD_Schema_Attributes_v20080618.txt @@ -2423,6 +2423,20 @@ searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT schemaFlagsEx: FLAG_ATTR_IS_CRITICAL +cn: Global-Address-List2 +ldapDisplayName: globalAddressList2 +attributeId: 1.2.840.113556.1.4.2047 +attributeSyntax: 2.5.5.1 +linkID: 2124 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 4898f63d-4112-477c-8826-3ca00bd8277d +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + cn: Governs-ID ldapDisplayName: governsID attributeId: 1.2.840.113556.1.2.22 @@ -3891,6 +3905,20 @@ searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT schemaFlagsEx: FLAG_ATTR_IS_CRITICAL +cn: Address-Book-Roots2 +ldapDisplayName: addressBookRoots2 +attributeId: 1.2.840.113556.1.4.2046 +attributeSyntax: 2.5.5.1 +linkID: 2122 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +schemaIdGuid: 508ca374-a511-4e4e-9f4f-856f61a6b7e4 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + cn: Address-Entry-Display-Table ldapDisplayName: addressEntryDisplayTable attributeId: 1.2.840.113556.1.2.324 @@ -5835,6 +5863,20 @@ rangeLower: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT schemaFlagsEx: FLAG_ATTR_IS_CRITICAL +cn: ms-DS-BridgeHead-Servers-Used +ldapDisplayName: msDS-BridgeHeadServersUsed +attributeId: 1.2.840.113556.1.4.2049 +attributeSyntax: 2.5.5.7 +omSyntax: 127 +omObjectClass: 1.2.840.113556.1.1.1.11 +linkID: 2160 +isSingleValued: FALSE +showInAdvancedViewOnly: TRUE +schemaIdGuid: 3ced1465-7b71-2541-8780-1e1ea6243a82 +searchFlags: 0 +systemFlags: FLAG_ATTR_NOT_REPLICATED | FLAG_ATTR_IS_OPERATIONAL | FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + cn: ms-DS-Byte-Array ldapDisplayName: msDS-ByteArray attributeId: 1.2.840.113556.1.4.1831 @@ -13740,6 +13782,20 @@ searchFlags: 0 systemFlags: FLAG_SCHEMA_BASE_OBJECT schemaFlagsEx: FLAG_ATTR_IS_CRITICAL +cn: Template-Roots2 +ldapDisplayName: templateRoots2 +attributeId: 1.2.840.113556.1.4.2048 +attributeSyntax: 2.5.5.1 +omSyntax: 127 +omObjectClass: 1.3.12.2.1011.28.0.714 +isSingleValued: FALSE +linkId: 2126 +schemaIdGuid: b1cba91a-0682-4362-a659-153e201ef069 +systemOnly: FALSE +searchFlags: 0 +systemFlags: FLAG_SCHEMA_BASE_OBJECT +schemaFlagsEx: FLAG_ATTR_IS_CRITICAL + cn: Terminal-Server ldapDisplayName: terminalServer attributeId: 1.2.840.113556.1.4.885 diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index bff1695..233f9a9 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -11,6 +11,9 @@ distinguishedName description cn top +entryTTL +uidNumber +gidNumber #The memberOf plugin provides this attribute memberOf #These conflict with OpenLDAP builtins @@ -42,3 +45,7 @@ modifyTimeStamp:samba4ModifyTimestamp 1.3.6.1.4.1.1466.115.121.1.38:1.3.6.1.4.1.1466.115.121.1.44 #Treat Object(DN-Binary) as a binary blob 1.2.840.113556.1.4.903:1.3.6.1.4.1.1466.115.121.1.40 +#Treat Object(DN-String) as a binary blob +1.2.840.113556.1.4.904:1.3.6.1.4.1.1466.115.121.1.40 +#Treat UTC-Time as GeneralizedTime +1.3.6.1.4.1.1466.115.121.1.53:1.3.6.1.4.1.1466.115.121.1.24
signature.asc
Description: This is a digitally signed message part
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
