From 8097280b468b7bcf26a0e17fdcaaccfb34d06415 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 23 Oct 2009 20:09:07 -0500
Subject: [PATCH] s4 - Mapped AD schema to existing FDS schema.
---
 .../dsdb/samdb/ldb_modules/simple_ldap_map.c | 161 +++++++++++++++++-
 source4/dsdb/schema/schema_convert_to_ol.c | 8 +
 source4/setup/fedorads-samba.ldif | 1 +
 source4/setup/fedorads.inf | 5 +
 source4/setup/schema-map-fedora-ds-1.0 | 63 ++++++-
 5 files changed, 235 insertions(+), 3 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
index de88178e39f..d923e55484a 100644
--- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
+++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
@@ -530,7 +530,7 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
 .type = LDB_MAP_CONVERT,
 .u = {
 .convert = {
- .remote_name = "groupType",
+ .remote_name = "sambaGroupType",
 .convert_local = normalise_to_signed32,
 .convert_remote = val_copy,
 }
@@ -591,6 +591,123 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
 }
 }
 },
+ {
+ .local_name = "unixHomeDirectory",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "homeDirectory"
+ }
+ }
+ },
+ {
+ .local_name = "pwdLastSet",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaPwdLastSet"
+ }
+ }
+ },
+ {
+ .local_name = "lastLogon",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaLogonTime"
+ }
+ }
+ },
+ {
+ .local_name = "lastLogoff",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaLogoffTime"
+ }
+ }
+ },
+ {
+ .local_name = "badPwdCount",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaBadPasswordCount"
+ }
+ }
+ },
+ {
+ .local_name = "logonHours",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaLogonHours"
+ }
+ }
+ },
+ {
+ .local_name = "homeDrive",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaHomeDrive"
+ }
+ }
+ },
+ {
+ .local_name = "scriptPath",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaLogonScript"
+ }
+ }
+ },
+ {
+ .local_name = "profilePath",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaProfilePath"
+ }
+ }
+ },
+ {
+ .local_name = "userWorkstations",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaUserWorkstations"
+ }
+ }
+ },
+ {
+ .local_name = "homeDirectory",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaHomePath"
+ }
+ }
+ },
+ {
+ .local_name = "nextRid",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaNextRid"
+ }
+ }
+ },
+ {
+ .local_name = "privilegeDisplayName",
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+ .remote_name = "sambaPrivName"
+ }
+ }
+ },
 {
 .local_name = "*",
 .type = LDB_MAP_KEEP,
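Review bot: The new entries for `pwdLastSet`, `lastLogon`, `lastLogoff`, `badPwdCount` and `logonHours` use a plain rename, so the AD-format values land unchanged under the Samba 3 attribute names, whereas `groupType` in the previous hunk goes through `LDB_MAP_CONVERT` with `normalise_to_signed32`. These attributes feed password-expiry, lockout and logon-hour decisions, so anything else that reads the `samba*` attributes expecting Samba 3's own encoding could misjudge them; either add converters or state the intent in a comment such as `/* stored in AD format under the samba3 name; not readable by Samba 3 tools */`. Local `homeDirectory` is renamed to `sambaHomePath` while `unixHomeDirectory` maps onto remote `homeDirectory`, and that name overlap (repeated in the schema-map-fedora-ds-1.0 hunk) deserves a one-line comment so nobody mistakes one for the other. The entries also spell the type `MAP_RENAME` where the neighbouring entries use the `LDB_MAP_` prefix, so it is worth confirming the unprefixed name is still defined. The array begins and ends outside this hunk.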
@@ -600,6 +717,46 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
 }
 };
+/* This objectClass conflicts with builtin classes on FDS */
+const struct ldb_map_objectclass nsuniqueid_objectclasses[] =
+{
+ {
+ .local_name = "domain",
+ .remote_name = "samba4Domain"
+ },
+ {
+ .local_name = "rFC822LocalPart",
+ .remote_name = "samba4RFC822LocalPart"
+ },
+ {
+ .local_name = "mailRecipient",
+ .remote_name = "samba4MailRecipient"
+ },
+ {
+ .local_name = "nisMap",
+ .remote_name = "samba4NisMap"
+ },
+ {
+ .local_name = "person",
+ .remote_name = "samba4Person"
+ },
+ {
+ .local_name = "organizationalPerson",
+ .remote_name = "samba4OrganizationalPerson"
+ },
+ {
+ .local_name = "residentialPerson",
+ .remote_name = "samba4ResidentialPerson"
+ },
+ {
+ .local_name = "inetOrgPerson",
+ .remote_name = "samba4InetOrgPerson"
+ },
+ {
+ .local_name = NULL
+ }
+};
+
 /* These things do not show up in wildcard searches in OpenLDAP, but
 * we need them to show up in the AD-like view */
 static const char * const nsuniqueid_wildcard_attributes[] = {
@@ -626,7 +783,7 @@ static int entryuuid_init(struct ldb_module *module)
 static int nsuniqueid_init(struct ldb_module *module)
 {
 int ret;
- ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "extensibleObject", NULL);
+ ret = ldb_map_init(module, nsuniqueid_attributes, nsuniqueid_objectclasses, nsuniqueid_wildcard_attributes, "extensibleObject", NULL);
 if (ret != LDB_SUCCESS)
 return ret;
diff --git a/source4/dsdb/schema/schema_convert_to_ol.c b/source4/dsdb/schema/schema_convert_to_ol.c
index c0ab5c2af85..f858dc35e90 100644
--- a/source4/dsdb/schema/schema_convert_to_ol.c
+++ b/source4/dsdb/schema/schema_convert_to_ol.c
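Review bot: `nsuniqueid_objectclasses` is declared without `static`, unlike the neighbouring tables `nsuniqueid_attributes` and `nsuniqueid_wildcard_attributes` visible in this patch, so it gets external linkage although its only visible use is in `nsuniqueid_init` in the same file. Declaring it as `static const struct ldb_map_objectclass nsuniqueid_objectclasses[] =` keeps the symbol private to the module. The comment above it covers eight classes and would read better as `/* These objectClasses conflict with builtin classes on FDS, so they are stored under samba4* names */`.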
@@ -91,6 +91,14 @@ static char *print_schema_recursive(char *append_to_string, struct dsdb_schema *
 }
 }
+ /* We might have been asked to remap this subClassOf, due to a conflict */
+ for (j=0; subClassOf && attr_map && attr_map[j].old_attr; j++) {
+ if (strcasecmp(subClassOf, attr_map[j].old_attr) == 0) {
+ subClassOf = attr_map[j].new_attr;
+ break;
+ }
+ }
+
 may = dsdb_full_attribute_list(mem_ctx, schema, &objectclass_name_as_el, DSDB_SCHEMA_ALL_MAY);
 for (j=0; may && may[j]; j++) {
diff --git a/source4/setup/fedorads-samba.ldif b/source4/setup/fedorads-samba.ldif
index 2d77adac097..cc0faf29edb 100644
--- a/source4/setup/fedorads-samba.ldif
+++ b/source4/setup/fedorads-samba.ldif
@@ -7,4 +7,5 @@ dn: CN=samba-admin,${SAMBADN}
 objectClass: top
 objectClass: person
 cn: samba-admin
+sn: samba-admin
 userPassword: {CLEAR}${LDAPADMINPASS}
diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf
index e0676c41df9..9653f50325b 100644
--- a/source4/setup/fedorads.inf
+++ b/source4/setup/fedorads.inf
@@ -26,6 +26,11 @@ cert_dir= ${LDAPDIR}/slapd-samba4
 start_server= 0
 install_full_schema= 0
 SchemaFile=${LDAPDIR}/99_ad.ldif
+SchemaFile=/etc/dirsrv/schema/10rfc2307.ldif
+SchemaFile=/etc/dirsrv/schema/05rfc4523.ldif
+SchemaFile=/etc/dirsrv/schema/05rfc4524.ldif
+SchemaFile=/etc/dirsrv/schema/06inetorgperson.ldif
+SchemaFile=/usr/share/dirsrv/data/60samba3.ldif
 ConfigFile = ${LDAPDIR}/fedorads-partitions.ldif
 ConfigFile = ${LDAPDIR}/fedorads-sasl.ldif
 ConfigFile = ${LDAPDIR}/fedorads-pam.ldif
diff --git a/source4/setup/schema-map-fedora-ds-1.0 b/source4/setup/schema-map-fedora-ds-1.0
index aac585b5146..9298f382cbe 100644
--- a/source4/setup/schema-map-fedora-ds-1.0
+++ b/source4/setup/schema-map-fedora-ds-1.0
@@ -1,4 +1,4 @@
-#Standard OpenLDAP attributes
+#Standard Fedora DS attributes
 name
 objectClasses
 createTimeStamp
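Review bot: The remap loop assigns `attr_map[j].new_attr` to `subClassOf` without checking that it is set. The parser that fills `attr_map` is not visible here, so I cannot tell whether an entry can carry an `old_attr` with no target; if it can, the code after the loop would see a NULL superclass name. A guard such as `if (attr_map[j].new_attr) subClassOf = attr_map[j].new_attr;` would remove the doubt. The comment could also say that object class renames are looked up in the table called `attr_map`, since the name suggests attributes only. The function starts and ends outside this hunk.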
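Review bot: The context line `userPassword: {CLEAR}${LDAPADMINPASS}` loads the samba-admin bind password under the cleartext storage scheme, and the commit edits this entry without changing that. Whether the server re-hashes the value on import is not visible from the hunk; if it does not, anyone who can read the backend database or an LDIF export can recover the credential. It is worth confirming the scheme is intentional and, if so, noting the reason in a comment at the top of fedorads-samba.ldif.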
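Review bot: The five added `SchemaFile=` entries hard-code `/etc/dirsrv/schema/` and `/usr/share/dirsrv/data/`, while every other path visible in this hunk is derived from `${LDAPDIR}`. Provisioning then depends on one distribution's Fedora DS layout and on system-wide files it does not control, so a host with a different prefix, or with a locally modified `60samba3.ldif`, gets a failed or silently different schema load. A substitution variable for the dirsrv schema directory, filled in by the provision script the way `${LDAPDIR}` is, would make the dependency explicit and overridable.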
@@ -12,6 +12,14 @@ description
 cn
 dITContentRules
 top
+homePostalAddress
+info
+displayName
+employeeNumber
+employeeType
+personalTitle
+co
+userSMIMECertificate
 #This should be provided by the LDAP server, only in our schema to permit provision
 aci
 #Skip ObjectClasses
@@ -37,3 +45,56 @@ aci
 1.2.840.113556.1.4.904:1.3.6.1.4.1.1466.115.121.1.15
 #Presentation Address as Directory String
 1.3.6.1.4.1.1466.115.121.1.43:1.3.6.1.4.1.1466.115.121.1.15
+
+#Remap into existing schema
+unixHomeDirectory
+unixHomeDirectory:homeDirectory
+pwdLastSet
+pwdLastSet:sambaPwdLastSet
+lastLogon
+lastLogon:sambaLogonTime
+lastLogoff
+lastLogoff:sambaLogoffTime
+badPwdCount
+badPwdCount:sambaBadPasswordCount
+logonHours
+logonHours:sambaLogonHours
+homeDrive
+homeDrive:sambaHomeDrive
+scriptPath
+scriptPath:sambaLogonScript
+profilePath
+profilePath:sambaProfilePath
+userWorkstations
+userWorkstations:sambaUserWorkstations
+homeDirectory
+homeDirectory:sambaHomePath
+groupType
+groupType:sambaGroupType
+nextRid
+nextRid:sambaNextRid
+privilegeDisplayName
+privilegeDisplayName:sambaPrivName
+
+#Resolve conflicting attributes
+1.2.840.113556.1.4.484:fRSDirectoryFilter-oid
+1.2.840.113556.1.4.483:fRSFileFilter-oid
+1.2.840.113556.1.4.485:fRSUpdateTimeout-oid
+2.16.840.1.113730.3.1.36:thumbnailLogo-oid
+2.16.840.1.113730.3.1.35:thumbnailPhoto-oid
+1.2.840.113556.1.4.481:schemaUpdate-oid
+
+#Resolve conflicting object classes
+domain:samba4Domain
+rFC822LocalPart:samba4RFC822LocalPart
+mailRecipient:samba4MailRecipient
+nisMap:samba4NisMap
+0.9.2342.19200300.100.4.14:samba4RFC822LocalPart-oid
+person:samba4Person
+2.5.6.6:samba4Person-oid
+organizationalPerson:samba4OrganizationalPerson
+2.5.6.7:samba4OrganizationalPerson-oid
+residentialPerson:samba4ResidentialPerson
+2.5.6.10:samba4ResidentialPerson-oid
+inetOrgPerson:samba4InetOrgPerson
+2.16.840.1.113730.3.2.2:samba4InetOrgPerson-oid
--
2.34.1
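Review bot: In the "Resolve conflicting object classes" block, `domain`, `mailRecipient` and `nisMap` are renamed without a matching `-oid` line, while `rFC822LocalPart`, `person`, `organizationalPerson`, `residentialPerson` and `inetOrgPerson` each get one. If the renamed classes keep an OID that the Fedora DS builtin schema already assigns, the generated schema could be rejected or could shadow the builtin definition; the hunk alone does not show whether those three need a remap. The `0.9.2342.19200300.100.4.14:samba4RFC822LocalPart-oid` line also sits after `nisMap` rather than next to its class, so grouping each OID line under its class name, with a short comment on any class that intentionally has none, would make omissions easy to spot.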