author | Endi S. Dewata <edewata@redhat.com> | 2009-10-23 20:09:07 -0500 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-11-02 16:36:53 +1100 |
commit | 8097280b468b7bcf26a0e17fdcaaccfb34d06415 (patch) | |
tree | ce7ceb937a32e4e18b3507caafd0b9f322ba7026 | |
parent | 1fc19ee7d0021e963923911bb440463aa79184fc (diff) | |
download | samba-8097280b468b7bcf26a0e17fdcaaccfb34d06415.tar.gz |
s4 - Mapped AD schema to existing FDS schema.
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 161 | ||||
-rw-r--r-- | source4/dsdb/schema/schema_convert_to_ol.c | 8 | ||||
-rw-r--r-- | source4/setup/fedorads-samba.ldif | 1 | ||||
-rw-r--r-- | source4/setup/fedorads.inf | 5 | ||||
-rw-r--r-- | source4/setup/schema-map-fedora-ds-1.0 | 63 |
5 files changed, 235 insertions, 3 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
index de88178e39..d923e55484 100644
--- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
+++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
@@ -530,7 +530,7 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
 .type = LDB_MAP_CONVERT,
 .u = {
 .convert = {
- .remote_name = "groupType",
+ .remote_name = "sambaGroupType",
 .convert_local = normalise_to_signed32,
 .convert_remote = val_copy,
 }
@@ -592,6 +592,123 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
 }
 },
 {
+ .local_name = "unixHomeDirectory",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "homeDirectory"
+ }
+ }
+ },
+ {
+ .local_name = "pwdLastSet",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaPwdLastSet"
+ }
+ }
+ },
+ {
+ .local_name = "lastLogon",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaLogonTime"
+ }
+ }
+ },
+ {
+ .local_name = "lastLogoff",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaLogoffTime"
+ }
+ }
+ },
+ {
+ .local_name = "badPwdCount",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaBadPasswordCount"
+ }
+ }
+ },
+ {
+ .local_name = "logonHours",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaLogonHours"
+ }
+ }
+ },
+ {
+ .local_name = "homeDrive",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaHomeDrive"
+ }
+ }
+ },
+ {
+ .local_name = "scriptPath",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaLogonScript"
+ }
+ }
+ },
+ {
+ .local_name = "profilePath",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaProfilePath"
+ }
+ }
+ },
+ {
+ .local_name = "userWorkstations",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaUserWorkstations"
+ }
+ }
+ },
+ {
+ .local_name = "homeDirectory",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaHomePath"
+ }
+ }
+ },
+ {
+ .local_name = "nextRid",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaNextRid"
+ }
+ }
+ },
+ {
+ .local_name = "privilegeDisplayName",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaPrivName"
+ }
+ }
+ },
+ {
 .local_name = "*",
 .type = LDB_MAP_KEEP,
 },
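Review bot: The thirteen added entries spell the type as `MAP_RENAME`, while the unchanged entries of this same table use the prefixed names (`LDB_MAP_CONVERT` in the previous hunk, `LDB_MAP_KEEP` on the `*` entry just below); if the enum in ldb_map.h only defines the `LDB_`-prefixed constants this will not build, so I would write `.type = LDB_MAP_RENAME,` throughout. Separately, `homeDirectory` now appears on both sides of the table: it is the remote name for local `unixHomeDirectory` and also the local name that is renamed to `sambaHomePath`. That only round-trips if the remote-to-local lookup matches on `remote_name` before falling through to the `*` keep entry, which is not visible here; a comment such as `/* remote homeDirectory is the POSIX path; AD homeDirectory is stored as sambaHomePath */` above the two entries would make the intent explicit. The table starts and ends outside the hunk.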
@@ -600,6 +717,46 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] = } }; +/* This objectClass conflicts with builtin classes on FDS */ +const struct ldb_map_objectclass nsuniqueid_objectclasses[] = +{ + { + .local_name = "domain", + .remote_name = "samba4Domain" + }, + { + .local_name = "rFC822LocalPart", + .remote_name = "samba4RFC822LocalPart" + }, + { + .local_name = "mailRecipient", + .remote_name = "samba4MailRecipient" + }, + { + .local_name = "nisMap", + .remote_name = "samba4NisMap" + }, + { + .local_name = "person", + .remote_name = "samba4Person" + }, + { + .local_name = "organizationalPerson", + .remote_name = "samba4OrganizationalPerson" + }, + { + .local_name = "residentialPerson", + .remote_name = "samba4ResidentialPerson" + }, + { + .local_name = "inetOrgPerson", + .remote_name = "samba4InetOrgPerson" + }, + { + .local_name = NULL + } +}; + /* These things do not show up in wildcard searches in OpenLDAP, but * we need them to show up in the AD-like view */ static const char * const nsuniqueid_wildcard_attributes[] = { @@ -626,7 +783,7 @@ static int entryuuid_init(struct ldb_module *module) static int nsuniqueid_init(struct ldb_module *module) { int ret; - ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "extensibleObject", NULL); + ret = ldb_map_init(module, nsuniqueid_attributes, nsuniqueid_objectclasses, nsuniqueid_wildcard_attributes, "extensibleObject", NULL); if (ret != LDB_SUCCESS) return ret; diff --git a/source4/dsdb/schema/schema_convert_to_ol.c b/source4/dsdb/schema/schema_convert_to_ol.c index c0ab5c2af8..f858dc35e9 100644 --- a/source4/dsdb/schema/schema_convert_to_ol.c +++ b/source4/dsdb/schema/schema_convert_to_ol.c 
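Review bot: `nsuniqueid_objectclasses` is declared without `static`, unlike the neighbouring `nsuniqueid_attributes` and `nsuniqueid_wildcard_attributes` tables, and as far as this diff shows it is only referenced from `nsuniqueid_init` in the same file; `static const struct ldb_map_objectclass nsuniqueid_objectclasses[] =` keeps it out of the global namespace. The comment above it should be plural and say what the table does, e.g. `/* These objectClasses conflict with builtin classes on FDS, so they are stored under samba4-prefixed names */`. The same eight pairs are repeated in source4/setup/schema-map-fedora-ds-1.0 later in this commit, so the comment should also say that the two lists have to be kept in step.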
@@ -91,6 +91,14 @@ static char *print_schema_recursive(char *append_to_string, struct dsdb_schema * } } + /* We might have been asked to remap this subClassOf, due to a conflict */ + for (j=0; subClassOf && attr_map && attr_map[j].old_attr; j++) { + if (strcasecmp(subClassOf, attr_map[j].old_attr) == 0) { + subClassOf = attr_map[j].new_attr; + break; + } + } + may = dsdb_full_attribute_list(mem_ctx, schema, &objectclass_name_as_el, DSDB_SCHEMA_ALL_MAY); for (j=0; may && may[j]; j++) { diff --git a/source4/setup/fedorads-samba.ldif b/source4/setup/fedorads-samba.ldif index 2d77adac09..cc0faf29ed 100644 --- a/source4/setup/fedorads-samba.ldif +++ b/source4/setup/fedorads-samba.ldif @@ -7,4 +7,5 @@ dn: CN=samba-admin,${SAMBADN} objectClass: top objectClass: person cn: samba-admin +sn: samba-admin userPassword: {CLEAR}${LDAPADMINPASS} diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf index e0676c41df..9653f50325 100644 --- a/source4/setup/fedorads.inf +++ b/source4/setup/fedorads.inf @@ -26,6 +26,11 @@ cert_dir= ${LDAPDIR}/slapd-samba4 start_server= 0 install_full_schema= 0 SchemaFile=${LDAPDIR}/99_ad.ldif +SchemaFile=/etc/dirsrv/schema/10rfc2307.ldif +SchemaFile=/etc/dirsrv/schema/05rfc4523.ldif +SchemaFile=/etc/dirsrv/schema/05rfc4524.ldif +SchemaFile=/etc/dirsrv/schema/06inetorgperson.ldif +SchemaFile=/usr/share/dirsrv/data/60samba3.ldif ConfigFile = ${LDAPDIR}/fedorads-partitions.ldif ConfigFile = ${LDAPDIR}/fedorads-sasl.ldif ConfigFile = ${LDAPDIR}/fedorads-pam.ldif diff --git a/source4/setup/schema-map-fedora-ds-1.0 b/source4/setup/schema-map-fedora-ds-1.0 index aac585b514..9298f382cb 100644 --- a/source4/setup/schema-map-fedora-ds-1.0 +++ b/source4/setup/schema-map-fedora-ds-1.0 @@ -1,4 +1,4 @@ -#Standard OpenLDAP attributes +#Standard Fedora DS attributes name objectClasses createTimeStamp 
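Review bot: The new loop looks up a class name (`subClassOf`) in `attr_map`, so attribute renames and objectClass renames share one table and one namespace here; an attribute entry whose `old_attr` happens to equal a superclass name would silently rewrite the superclass as well. If that sharing is intended, the comment should say so, e.g. `/* attr_map also carries objectClass renames from the schema map file */`. The wording "this subClassOf" suggests the same scan already exists for other names earlier in print_schema_recursive, which starts and ends outside this hunk; if so, a small static helper returning the mapped name would avoid another copy of the loop.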
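Review bot: The five added `SchemaFile=` lines in fedorads.inf use fixed absolute paths (`/etc/dirsrv/schema/...` and `/usr/share/dirsrv/data/60samba3.ldif`), whereas the other paths visible in this template are built from `${LDAPDIR}`. Provisioning then depends on one distribution's directory-server layout, and on the contents and permissions of files outside the provision directory, which get loaded into the Samba 4 instance as schema. I would take the schema directory from a substitution variable filled in by the provision script in the same way as `${LDAPDIR}`, or at least document which package layout these paths assume.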
@@ -12,6 +12,14 @@ description cn dITContentRules top +homePostalAddress +info +displayName +employeeNumber +employeeType +personalTitle +co +userSMIMECertificate #This should be provided by the LDAP server, only in our schema to permit provision aci #Skip ObjectClasses @@ -37,3 +45,56 @@ aci 1.2.840.113556.1.4.904:1.3.6.1.4.1.1466.115.121.1.15 #Presentation Address as Directory String 1.3.6.1.4.1.1466.115.121.1.43:1.3.6.1.4.1.1466.115.121.1.15 + +#Remap into existing schema +unixHomeDirectory +unixHomeDirectory:homeDirectory +pwdLastSet +pwdLastSet:sambaPwdLastSet +lastLogon +lastLogon:sambaLogonTime +lastLogoff +lastLogoff:sambaLogoffTime +badPwdCount +badPwdCount:sambaBadPasswordCount +logonHours +logonHours:sambaLogonHours +homeDrive +homeDrive:sambaHomeDrive +scriptPath +scriptPath:sambaLogonScript +profilePath +profilePath:sambaProfilePath +userWorkstations +userWorkstations:sambaUserWorkstations +homeDirectory +homeDirectory:sambaHomePath +groupType +groupType:sambaGroupType +nextRid +nextRid:sambaNextRid +privilegeDisplayName +privilegeDisplayName:sambaPrivName + +#Resolve conflicting attributes +1.2.840.113556.1.4.484:fRSDirectoryFilter-oid +1.2.840.113556.1.4.483:fRSFileFilter-oid +1.2.840.113556.1.4.485:fRSUpdateTimeout-oid +2.16.840.1.113730.3.1.36:thumbnailLogo-oid +2.16.840.1.113730.3.1.35:thumbnailPhoto-oid +1.2.840.113556.1.4.481:schemaUpdate-oid + +#Resolve conflicting object classes +domain:samba4Domain +rFC822LocalPart:samba4RFC822LocalPart +mailRecipient:samba4MailRecipient +nisMap:samba4NisMap +0.9.2342.19200300.100.4.14:samba4RFC822LocalPart-oid +person:samba4Person +2.5.6.6:samba4Person-oid +organizationalPerson:samba4OrganizationalPerson +2.5.6.7:samba4OrganizationalPerson-oid +residentialPerson:samba4ResidentialPerson +2.5.6.10:samba4ResidentialPerson-oid +inetOrgPerson:samba4InetOrgPerson +2.16.840.1.113730.3.2.2:samba4InetOrgPerson-oid |
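Review bot: In the "#Resolve conflicting object classes" block of the last hunk, `domain`, `mailRecipient` and `nisMap` get a name mapping but no matching `<OID>:...-oid` line, while the other five classes get both, and the OID line for `rFC822LocalPart` is separated from its name line by two other entries. If the three classes are left out because only their names collide with the FDS builtins, a comment line saying so (for example `#domain, mailRecipient and nisMap: only the names clash, OIDs are left as they are`) would stop a later reader from treating it as an omission; if it is an omission, the generated schema would presumably still conflict when loaded. Grouping each class's name and OID lines together would also make the block easier to check against `nsuniqueid_objectclasses` in simple_ldap_map.c.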