Re: Support for apple OS X schema?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 01/03/2013 08:37 AM, Rich Megginson wrote:

On 12/27/2012 03:49 PM, Orion Poplawski wrote:

On 12/27/2012 03:26 PM, Orion Poplawski wrote:

Has any work been done towards supporting Apple OS X ldap schema in 389?  It
seems like this is the latest OpenLDAP schema for Apple:

http://opensource.apple.com/source/OpenLDAP/OpenLDAP-208.1/OpenLDAP/servers/slapd/schema/apple.schema



Does anyone know of tools that would populate the various apple specific
entries like apple-generateduid?

Thanks!



For what it is worth - I ran it through ol-schema-migrate.pl and got the
attached file.  But doesn't work:

Starting dirsrv:
    cora-ldap2...[27/Dec/2012:15:43:01 -0700] attr_syntax_create - Error:
the SUBSTR matching rule [caseExactIA5SubstringsMatch] is not compatible
with the syntax [1.3.6.1.4.1.1466.115.121.1.24] for the attribute
[apple-birthday]
[27/Dec/2012:15:43:01 -0700] dse_read_one_file - The entry cn=schema in file
/etc/dirsrv/slapd-cora-ldap2/schema/99apple.ldif (lineno: 1) is invalid,
error code 20 (Type or value exists) - attribute type lastLoginTime: Does
not match the OID "1.3.6.1.1.1.1.35". Another attribute type is already
using the name or OID.

The first looks like incompatibility between:

  EQUALITY generalizedTimeMatch
  SUBSTR caseExactIA5SubstringsMatch


Right.



but I'm not familiar with this.

lastLoginTime is in 60acctpolicy.ldif:

## lastLoginTime holds login state in user entries (GeneralizedTime syntax)
attributeTypes: ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime'
  DESC 'Last login time'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation
  X-ORIGIN 'Account Policy Plugin' )


Arg.  This is the problem of using non-standard schema (both in Apple's case
and in our case).  Both Apple and 389 defined the lastLoginTime attribute, and
unfortunately they are different.

I suppose you could just remove 60acctpolicy.ldif from your schema directory
if you want to use the Apple schema.  But then you won't be able to use the
Account Policy Plugin to keep track of last login time and account expiration.


If I go this route I'll likely just use a small subject of the Apple schema.


--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       orion@xxxxxxxx
Boulder, CO 80301                   http://www.nwra.com
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux