On Tue, 2006-08-22 at 15:35 -0700, Pete Rowley wrote: > Andrew Bartlett wrote: > > >On Tue, 2006-08-22 at 16:06 -0600, Richard Megginson wrote: > > > > > >>Andrew Bartlett wrote: > >> > >> > >>>On Tue, 2006-08-22 at 10:03 -0700, Pete Rowley wrote: > >>> > >>> > >>> > >>>>Kimmo Koivisto wrote: > >>>> > >>>> > >>>> > >>>> > >>>>>Andrew Bartlett wrote: > >>>>>[snip] > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>>Anyway, this is the error I get with the attached schema: > >>>>>> > >>>>>>[abartlet@piglett source]$ sudo /opt/fedora-ds/slapd-piglett/start-slapd > >>>>>>Password: > >>>>>>[22/Aug/2006:21:03:47 +1000] dse - The entry cn=schema in > >>>>>>file /opt/fedora-ds/slapd-piglett/config/schema/01samba4.ldif is > >>>>>>invalid, error code 20 (Type or value exists) - attribute type > >>>>>>streetAddress: Does not match the OID "1.2.840.113556.1.2.256". Another > >>>>>>attribute type is already using the name or OID. > >>>>>>[22/Aug/2006:21:03:47 +1000] dse - Please edit the file to correct the > >>>>>>reported problems and then restart the server. > >>>>>> > >>>>>>I can find no other reference (in the schema ldif files) to > >>>>>>streetAddress, or that OID. > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>See 00core.ldif: > >>>>>attributeTypes: ( 2.5.4.9 NAME ( 'street' 'streetaddress' ) DESC 'Standard > >>>>>LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC > >>>>>2256' ) > >>>>> > >>>>>Maybe this is what you wan't to remove? > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>It would be bad form to remove a standard attribute and replace it with > >>>>one of the same name but different OID. It would be better to use the > >>>>standard attribute. > >>>> > >>>> > >>>> > >>>What would go wrong if I did that? > >>> > >>> > >>> > >>The server might not start, apps might break. > >> > >> > > > >Do apps read the OID? I thought they just query by name. (The syntax is > >identical in this case). > > > > > > > Typically a careful client would request attributes by OID, change the > OID and you break the good apps. OK. I wasn't aware you could even do that. I know Samba4 doesn't support it :-) > >I was kind of hoping someone might be able to give me that list, so I > >can split the 00core.ldif. Once I know that list, I can place them into > >my excludes file, and not have the AD schema replace them. > > > > > Why not deal with the specific problems that arise when /adding/ the AD > schema? I'm guessing that would be a shorter list? Because the AD schema is a whole schema, not just some extra attributes/objectClasses, I need to be able to replace 'person', and many other classes that Microsoft has modified. Once I start replacing classes, I need to know the list of 'if I replace this, bad things happen'. I'm not sure, both lists are pretty long. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
Attachment:
signature.asc
Description: This is a digitally signed message part