[389-users] Support for apple OS X schema?

Rich Megginson rmeggins at redhat.com
Thu Jan 3 15:37:51 UTC 2013


On 12/27/2012 03:49 PM, Orion Poplawski wrote:
> On 12/27/2012 03:26 PM, Orion Poplawski wrote:
>> Has any work been done towards supporting Apple OS X ldap schema in 389?  It
>> seems like this is the latest OpenLDAP schema for Apple:
>>
>> http://opensource.apple.com/source/OpenLDAP/OpenLDAP-208.1/OpenLDAP/servers/slapd/schema/apple.schema
>>
>> Does anyone know of tools that would populate the various apple specific
>> entries like apple-generateduid?
>>
>> Thanks!
>>
>
> For what it is worth - I ran it through ol-schema-migrate.pl and got 
> the attached file.  But doesn't work:
>
> Starting dirsrv:
>     cora-ldap2...[27/Dec/2012:15:43:01 -0700] attr_syntax_create - Error: the SUBSTR matching rule [caseExactIA5SubstringsMatch] is not compatible with the syntax [1.3.6.1.4.1.1466.115.121.1.24] for the attribute [apple-birthday]
> [27/Dec/2012:15:43:01 -0700] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-cora-ldap2/schema/99apple.ldif (lineno: 1) is invalid, error code 20 (Type or value exists) - attribute type lastLoginTime: Does not match the OID "1.3.6.1.1.1.1.35". Another attribute type is already using the name or OID.
>
> The first looks like incompatibility between:
>
>   EQUALITY generalizedTimeMatch
>   SUBSTR caseExactIA5SubstringsMatch

Right.

>
> but I'm not familiar with this.
>
> lastLoginTime is in 60acctpolicy.ldif:
>
> ## lastLoginTime holds login state in user entries (GeneralizedTime syntax)
> attributeTypes: ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime'
>   DESC 'Last login time'
>   SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation
>   X-ORIGIN 'Account Policy Plugin' )

Arg.  This is the problem of using non-standard schema (both in Apple's 
case and in our case).  Both Apple and 389 defined the lastLoginTime 
attribute, and unfortunately they are different.

I suppose you could just remove 60acctpolicy.ldif from your schema 
directory if you want to use the Apple schema.  But then you won't be 
able to use the Account Policy Plugin to keep track of last login time 
and account expiration.
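
Added example (not part of the original message, and not 389 Directory Server code): a pre-flight check that scans schema LDIF files for the two failures reported in this thread, an attribute name defined under different OIDs and a SUBSTR rule on a GeneralizedTime attribute. The 99apple.ldif contents and the OID 9.9.9.1 are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

GENERALIZED_TIME = "1.3.6.1.4.1.1466.115.121.1.24"
# Constructed sample files. Only the 60acctpolicy.ldif definition and the OID
# 1.3.6.1.1.1.1.35 come from the thread; 9.9.9.1 is a placeholder OID.
SAMPLE = {
    "60acctpolicy.ldif": """dn: cn=schema
attributeTypes: ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime'
  DESC 'Last login time'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation
  X-ORIGIN 'Account Policy Plugin' )
""",
    "99apple.ldif": """dn: cn=schema
attributeTypes: ( 1.3.6.1.1.1.1.35 NAME 'lastLoginTime'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
attributeTypes: ( 9.9.9.1 NAME 'apple-birthday'
  EQUALITY generalizedTimeMatch SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
""",
}

def parse_attribute_types(ldif_text):
    """Yield oid, names, syntax and SUBSTR rule for each attributeTypes value."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo LDIF line folding
    for line in unfolded.splitlines():
        m = re.match(r"(?i)attributetypes:\s*\(\s*([\w.-]+)\s+(.*)\)\s*$", line)
        if not m:
            continue
        oid, body = m.groups()
        nm = re.search(r"\bNAME\s+(?:'[^']+'|\([^)]*\))", body)
        names = re.findall(r"'([^']+)'", nm.group(0)) if nm else []
        bare = re.sub(r"'[^']*'", "", body)  # ignore keywords inside DESC text
        get = lambda kw: (re.search(rf"\b{kw}\s+([\w.-]+)", bare) or [None, None])[1]
        yield {"oid": oid, "names": names or [oid],
               "syntax": get("SYNTAX"), "substr": get("SUBSTR")}

def find_conflicts(files):
    """Report name/OID clashes across files and SUBSTR rules on time syntax."""
    by_name, problems = defaultdict(dict), []
    for fname, text in files.items():
        for a in parse_attribute_types(text):
            for n in a["names"]:
                by_name[n.lower()][a["oid"]] = fname  # names are case-insensitive
            if a["syntax"] == GENERALIZED_TIME and a["substr"]:
                problems.append(("substr-on-time", a["names"][0], a["substr"]))
    for name, oids in sorted(by_name.items()):
        if len(oids) > 1:
            problems.append(("name-oid-clash", name, sorted(oids.items())))
    return problems
```

Running `find_conflicts` over the real contents of the schema directory before restarting dirsrv surfaces both problems without a failed startup.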