Andrew Bartlett wrote:
No, but with the two servers side by side a little script could do most of the work for you by extracting the schema, sorting the results from each, and then doing a diff.
On Tue, 2006-08-22 at 15:31 -0700, Pete Rowley wrote:
Andrew Bartlett wrote:
I do understand your pain. The MS schema that is derived from the standards is actually not compliant to them - MS made some modifications.
Does anybody have some kind of graphical 'diff' of the schema modifications?
In that case why worry? If MS removed an attribute it doesn't hurt us to leave it in and doc the difference from AD and why. What's that phrase? Embrace and extend :) Of more concern to me would be examples where the schema for attributes have been changed e.g. AD defines some attributes to be single valued that are defined as multi-valued in the relevant RFC.
This is OK to get by for now, but I would strongly suggest an approach that is more accommodating to the standards and also existing deployments - few major deployers will want to change the standard schema.
So I ended up just using the converted AD schema.
Indeed. And where Microsoft has just added attributes, I can see us just adding extra objectClasses during Samba4's mapping to cope with them.
I'm however still not quite sure how we will cope with 'sn' being removed from person however. Perhaps an msPerson objectClass? (Used when we detect a person without an 'sn', and changed to a person if an 'sn' is added?
You will not break things by changing the schema if you only add to the schema. Most things that matter to the server are operational attributes, don't touch any of those.
As I mention in my other mail. If it's that easy, then I've got a chance of getting this right...
-- Pete
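The "extract, sort, diff" script suggested in the message above, sketched as an added example (not code from this thread or from Samba). It assumes each server's `attributeTypes` values have already been read from its subschema entry as RFC 4512 definition strings; the attribute names and OIDs below are constructed placeholders. Keying by OID replaces the sort step, and the report separates additions from the single-valued/multi-valued changes the message singles out.

```python
import re

# Constructed sample data: attributeTypes values in RFC 4512 syntax, as they
# would be read from each server's subschema. Names and OIDs are placeholders.
STANDARD = [
    "( 1.3.6.1.4.1.99999.1.1 NAME 'exampleTitle' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 1.3.6.1.4.1.99999.1.2 NAME ( 'exampleMail' 'exMail' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
    "( 1.3.6.1.4.1.99999.1.3 NAME 'exampleBadge' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )",
]
CONVERTED = [
    "( 1.3.6.1.4.1.99999.1.2 NAME 'exampleMail' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )",
    "( 1.3.6.1.4.1.99999.1.1 NAME 'exampleTitle' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 1.3.6.1.4.1.99999.1.4 NAME 'exampleExtra' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
]

def parse_attribute_type(definition):
    """Return (oid, record) for one attributeTypes value."""
    oid = re.match(r"\(\s*([0-9.]+)", definition).group(1)
    names = re.search(r"NAME\s+(?:\(([^)]*)\)|('[^']*'))", definition)
    name_list = re.findall(r"'([^']*)'", names.group(1) or names.group(2)) if names else []
    syntax = re.search(r"SYNTAX\s+([0-9.]+)", definition)
    return oid, {
        "names": sorted(n.lower() for n in name_list),  # names are case-insensitive
        "syntax": syntax.group(1) if syntax else None,
        "single_value": bool(re.search(r"\bSINGLE-VALUE\b", definition)),
    }

def diff_schemas(reference, other):
    """Compare two lists of definitions, keyed by OID so input order is irrelevant."""
    ref = dict(parse_attribute_type(d) for d in reference)
    oth = dict(parse_attribute_type(d) for d in other)
    report = {"removed": sorted(ref.keys() - oth.keys()),
              "added": sorted(oth.keys() - ref.keys()),
              "changed": {}}
    for oid in sorted(ref.keys() & oth.keys()):
        fields = sorted(k for k in ref[oid] if ref[oid][k] != oth[oid][k])
        if fields:
            report["changed"][oid] = fields
    return report

if __name__ == "__main__":
    result = diff_schemas(STANDARD, CONVERTED)
    print("removed:", result["removed"])
    print("added:  ", result["added"])
    for oid, fields in result["changed"].items():
        print("changed:", oid, fields)
```

Entries under `added` are the safe case the message describes; entries under `removed` or with `single_value` in `changed` are the ones that need a documented decision.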