On Tue, 2006-08-22 at 15:31 -0700, Pete Rowley wrote: > Andrew Bartlett wrote: > > >On Tue, 2006-08-22 at 10:03 -0700, Pete Rowley wrote: > > > >When I started with OpenLDAP, I initially tried to load standard schema, > >then Microsoft's modifications, but very quickly got into a mess: > >Because I wanted a reproducible solution, I didn't want to edit these > >schema files, but they declared objectClasses that I had to override. > > > > > I do understand your pain. The MS schema that is derived from the > standards is actually not compliant to them - MS made some modifications. Does anybody have some kind of graphical 'diff' of the schema modifications? > >So I ended up just using the converted AD schema. > > > > > This is OK to get by for now, but I would strongly suggest an approach > that is more accomodating to the standards and also existing deployments > - few major deployers will want to change the standard schema. Indeed. And where Microsoft has just added attributes, I can see us just adding extra objectClasses during Samba4's mapping to cope with them. I'm however still not quite sure how we will cope with 'sn' being removed from person however. Perhaps an msPerson objectClass? (Used when we detect a person without an 'sn', and changed to a person if an 'sn' is added? But this is a long way off. I'm hoping to work with a bare-bones, 'not really LDAP any more' DS for now. > >Would it be possible to split the 00core.ldif into 'attributes required > >for the operation of the directory' and 'core ldap standards'? > > > Sure, all of the schema files are just split as a matter of convenience > and managability. > > > What > >will happen if I fail to load the 'attributes required for operation of > >the directory'? > > > > > The directory won't operate? :) As I mention in my other mail. Ff it's that easy, then I've got a chance of getting this right... Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
Attachment:
signature.asc
Description: This is a digitally signed message part
