[Freeipa-users] Re: Compatibility Plugin .update file for Active Directory

Thu, 15 Jul 2021 22:53:38 -0700 

On to, 15 heinä 2021, Joseph Fry via FreeIPA-users wrote:

So I provided the solution detailed above to my customer and they are
putting it through its paces.  One thing they noticed was that the
directory errors log (e.g. /var/log/dirsrv/slapd-LAB-LOCAL/errors) is
reporting an unknown object class:

[15/Jul/2021:15:09:15.046703678 -0400] - ERR - slapi_entry_schema_check_ext - Entry 
"cn=test.lab.local,cn=adcomputers,cn=compat,dc=lab,dc=local" has unknown object class 
"computer"

[15/Jul/2021:15:09:15.096309439 -0400] - ERR - slapi_entry_schema_check_ext - Entry 
"cn=testgroup,cn=adcomputergroups,cn=compat,dc=lab,dc=local" has unknown object class 
"group"

I understand that those object classes aren't in the IPA schema, but I
thought that the whole point of the compatibility plugin was to make
things compatible with other schema's without actually modifying the
schema.  Is there a way to resolve this, or at least suppress the
errors?  Everything seems functional otherwise.


389-ds enforces schema compliance regardless of what you want to
represent to LDAP clients. There are two ways to solve this problem:

 - introduce proper LDAP object classes to the schema
 - use extensibleobject objectclass in the netry

As you'll find, introducing AD schema is almost impossible if you want
to serve IPA schema in the same LDAP instance, so you may want to add
objectclass 'extensibleObject' to your definitions.


--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to