> Joseph Fry via FreeIPA-users wrote:
>
> It needs an exact match to what is in the schema. Try this:
>
> dn: cn=schema
> remove: objectClasses: ( 1.2.840.113556.1.3.30 NAME 'Computers' DESC 'AD
> Computers' SUP top STRUCTURAL MAY cn X-ORIGIN 'user defined' )
>
> rob
That worked... in fact what I was doing may have worked, I had to remove the
space between AD and Computers to make yours work, I think I made the same
mistake on my attempt.
Here is my completed update file for posterity sake:
# Delete the adcomputers and adcomputergroups containers. Not really necessary
but
# its useful to start with a clean slate during testing, as updating things can
lead
# to some strangeness
dn: cn=adcomputers, cn=Schema Compatibility, cn=plugins, cn=config
deleteentry:
dn: cn=adcomputergroups, cn=Schema Compatibility, cn=plugins, cn=config
deleteentry:
# remove the ObjectClasses to start with a clean slate (this isn't necessary,
# but it demonstrates how to remove them if necessary)
dn: cn=schema
remove: objectClasses: ( 1.2.840.113556.1.3.30 NAME 'computer' DESC 'AD
Computers' SUP top STRUCTURAL MAY cn X-ORIGIN 'user defined' )
remove: objectClasses: ( 1.2.840.113556.1.5.8 NAME 'group' DESC 'AD Groups' SUP
top STRUCTURAL MAY cn X-ORIGIN 'user defined' )
# Add ObjectClasses to suppress schema validation errors
dn: cn=schema
add: objectClasses: (1.2.840.113556.1.3.30 NAME 'computer' DESC 'AD Computers'
SUP top MAY (cn))
add: objectClasses: (1.2.840.113556.1.5.8 NAME 'group' DESC 'AD Groups' SUP top
MAY (cn))
# Create the adcomputers container and map the objects and attributes from the
ipaHosts
# Note: This will bring every host in, though it could be filtered with the
search-filter
# below if desired.
dn: cn=adcomputers, cn=Schema Compatibility, cn=plugins, cn=config
default:objectClass: top
default:objectClass: extensibleObject
default:cn: adcomputers
default:schema-compat-container-group: cn=compat, $SUFFIX
default:schema-compat-container-rdn: cn=adcomputers
default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
default:schema-compat-search-filter: (&(fqdn=*)(objectClass=ipaHost))
default:schema-compat-entry-rdn: cn=%first("%{fqdn}")
default:schema-compat-check-access: yes
default:schema-compat-entry-attribute: objectclass=extensibleObject
default:schema-compat-entry-attribute: objectclass=computer
default:schema-compat-entry-attribute: cn=%{fqdn}
default:schema-compat-entry-attribute: sAMAccountType=805306369
default:schema-compat-entry-attribute: dNSHostName=%{fqdn}
default:schema-compat-entry-attribute: operatingSystem=%{nsOsVersion}
default:schema-compat-entry-attribute: name=%{serverHostName}
default:schema-compat-entry-attribute: sAMAccountName=$$%{serverHostName}
default:schema-compat-entry-attribute: location=%{nsHostLocation}
# Create the adcomputergroups container and map the relevant attributes from
the ipahostgroups
dn: cn=adcomputergroups, cn=Schema Compatibility, cn=plugins, cn=config
default:objectClass: top
default:objectClass: extensibleObject
default:cn: adcomputergroups
default:schema-compat-container-group: cn=compat, $SUFFIX
default:schema-compat-container-rdn: cn=adcomputergroups
default:schema-compat-search-base: cn=hostgroups, cn=accounts, $SUFFIX
default:schema-compat-search-filter: (&(member=*)(objectClass=ipahostgroup))
default:schema-compat-entry-rdn: cn=%{cn}
default:schema-compat-entry-check-access: yes
default:schema-compat-entry-attribute: objectclass=extensibleObject
default:schema-compat-entry-attribute: objectclass=group
default:schema-compat-entry-attribute: objectclass=groupOfNames
default:schema-compat-entry-attribute: cn=%{cn}
default:schema-compat-entry-attribute:
distinguishedName=cn=%{cn},cn=adcomputergroups,cn=compat,$SUFFIX
default:schema-compat-entry-attribute: name=%{cn}
default:schema-compat-entry-attribute:
member=cn=%deref_r("member","fqdn"),cn=adcomputers,cn=compat,$SUFFIX
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
