[Fedora-directory-devel] Samba4 onto Fedora DS
Pete Rowley
prowley at redhat.com
Wed Aug 23 17:14:09 UTC 2006
Andrew Bartlett wrote:
>On Tue, 2006-08-22 at 15:31 -0700, Pete Rowley wrote:
>
>
>>Andrew Bartlett wrote:
>>
>>
>>
>>
>>
>>>
>>>
>>I do understand your pain. The MS schema that is derived from the
>>standards is actually not compliant to them - MS made some modifications.
>>
>>
>
>Does anybody have some kind of graphical 'diff' of the schema
>modifications?
>
>
>
No, but with the two servers side by side a little script could do most
of the work for you by extracting the schema, sorting the results from
each, and then doing a diff.
>>>So I ended up just using the converted AD schema.
>>>
>>>
>>>
>>>
>>This is OK to get by for now, but I would strongly suggest an approach
>>that is more accomodating to the standards and also existing deployments
>>- few major deployers will want to change the standard schema.
>>
>>
>
>Indeed. And where Microsoft has just added attributes, I can see us
>just adding extra objectClasses during Samba4's mapping to cope with
>them.
>
>I'm however still not quite sure how we will cope with 'sn' being
>removed from person however. Perhaps an msPerson objectClass? (Used
>when we detect a person without an 'sn', and changed to a person if an
>'sn' is added?
>
>
In that case why worry? If MS removed an attribute it doesn't hurt us to
leave it in and doc the difference from AD and why. What's that phrase?
Embrace and extend :) Of more concern to me would be examples where the
schema for attributes have been changed e.g. AD defines some attributes
to be single valued that are defined as multi-valued in the relevant RFC.
>
>
>As I mention in my other mail. Ff it's that easy, then I've got a
>chance of getting this right...
>
>
>
You will not break things by changing the schema if you only add to the
schema. Most things that matter to the server are operational
attributes, don't touch any of those.
--
Pete
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-devel/attachments/20060823/d4ca0cc0/attachment.bin
More information about the 389-devel
mailing list