Date: Tue, 22 Aug 2006 17:54:05 -0700
From: Pete Rowley <prowley@xxxxxxxxxx>

Andrew Bartlett wrote:
On Tue, 2006-08-22 at 15:35 -0700, Pete Rowley wrote:
>>Why not deal with the specific problems that arise when /adding/ the AD
>>schema? I'm guessing that would be a shorter list?
>
>Because the AD schema is a whole schema, not just some extra
>attributes/objectClasses, I need to be able to replace 'person', and
>many other classes that Microsoft has modified.
>
>Once I start replacing classes, I need to know the list of 'if I replace
>this, bad things happen'.

The problem is the list of broken things is open ended. Perhaps we
should drill down on a specific example (like the "person" objectclass
and associated attributes) and look at what is different. At least that
will make sure we are all talking about the same thing and the folks on
the list might have more targeted suggestions.

Though, I thought the plan was to make the DS look like AD through
Samba's lens? Are we just talking about an interim development situation
until you add the "lens"? If so, I say break what you like. Otherwise I
would have big concerns about integration with existing DS deployments.

Ultimately, if you need to make a clone of AD in order to satisfy
Windows clients, you are going to have to break the existing LDAP
standards the same way Microsoft did. You pretty much need bug-for-bug
compatibility, otherwise some random MS app will come along later and
break. This means doing such ugly things as requiring "cn" to be
single-valued, etc. etc. Consider that Microsoft redefines the "top"
objectclass to contain a plethora of attributes; it all goes downhill
from there. Andrew, I certainly don't envy you the job ahead of you.
Eventually, when you finish your work, you'll have another server that
is just as broken and non-compliant as Microsoft's. I don't see you
having a lot of choice in the matter, you just have to do what you have
to do. The MS schema just doesn't coexist with real LDAP...
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/