Re: Support for apple OS X schema?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 12/27/2012 03:49 PM, Orion Poplawski wrote:
On 12/27/2012 03:26 PM, Orion Poplawski wrote:
Has any work been done towards supporting Apple OS X ldap schema in 389?  It
seems like this is the latest OpenLDAP schema for Apple:

http://opensource.apple.com/source/OpenLDAP/OpenLDAP-208.1/OpenLDAP/servers/slapd/schema/apple.schema


Does anyone know of tools that would populate the various apple specific
entries like apple-generateduid?

Thanks!


For what it is worth - I ran it through ol-schema-migrate.pl and got the attached file.  But doesn't work:

Starting dirsrv:
    cora-ldap2...[27/Dec/2012:15:43:01 -0700] attr_syntax_create - Error: the SUBSTR matching rule [caseExactIA5SubstringsMatch] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.24] for the attribute [apple-birthday]
[27/Dec/2012:15:43:01 -0700] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-cora-ldap2/schema/99apple.ldif (lineno: 1) is invalid, error code 20 (Type or value exists) - attribute type lastLoginTime: Does not match the OID "1.3.6.1.1.1.1.35". Another attribute type is already using the name or OID.

The first looks like incompatibility between:

  EQUALITY generalizedTimeMatch
  SUBSTR caseExactIA5SubstringsMatch

Right.


but I'm not familiar with this.

lastLoginTime is in 60acctpolicy.ldif:

## lastLoginTime holds login state in user entries (GeneralizedTime syntax)
attributeTypes: ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime'
  DESC 'Last login time'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation
  X-ORIGIN 'Account Policy Plugin' )

Arg.  This is the problem of using non-standard schema (both in Apple's case and in our case).  Both Apple and 389 defined the lastLoginTime attribute, and unfortunately they are different.

I suppose you could just remove 60acctpolicy.ldif from your schema directory if you want to use the Apple schema.  But then you won't be able to use the Account Policy Plugin to keep track of last login time and account expiration.




--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux