Re: [Samba] Fwd: RE: samba4 pdc: Import sudoers active directory schema to ldb

2013-07-13 Thread george Nopicture
This is a logical assumption that you made here; I tried both ways, but to no 
avail. At a closer look it seems this schema is incomplete, the sudoers cn is 
missing. Go one step beyond and think what the base search would be when it 
comes to the sudo section in sssd.conf (and mind that we have to index that too, 
in order to provide better performance for the queries and less scanning of the 
database).
Greetings, George.
  
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] samba4 pdc: Import sudoers active directory schema to ldb

2013-07-11 Thread george Nopicture
Any updates on this? I am thinking this schema is lacking the sudoers base cn 
like in openldap we have ou=SUDOERS,cn=... 

From: mad-proffes...@hotmail.com
To: samba@lists.samba.org
CC: samba-techni...@lists.samba.org
Subject: RE: [Samba] samba4 pdc: Import sudoers active directory schema to ldb
Date: Sun, 30 Jun 2013 17:36:16 +0300






> Date: Sun, 30 Jun 2013 06:49:26 +0200
> From: g...@kzsdabas.hu
> To: samba@lists.samba.org; mad-proffes...@hotmail.com
> CC: samba-techni...@lists.samba.org
> Subject: Re: [Samba] samba4 pdc: Import sudoers active directory schema to ldb
> 
> On 2013-06-29 11:00, george Nopicture wrote:
> > Hi guys and congrats for bringing a fantastic project to the open source 
> > world. I've set up a samba4 pdc successfully and I am able to do domain 
> > logins. I was also able to add the automount schema into the ldb. But when 
> > it comes to the sudoers schema I can't import it.
> > Further system details:
> > Debian wheezy 7,
> > samba 4.0.6 compiled from source,
> > sudo-ldap standard binary package from repos.
> > I have split the sudoers active directory schema that came with sudo into 2 
> > ldifs (classSchema apart from attributeSchema) and tried to import them 
> > but I had no luck. I googled around but came up with nothing about it.
> > This is the error i get:
> > ERR: (Invalid attribute syntax) "LDAP error 21 
> > LDAP_INVALID_ATTRIBUTE_SYNTAX -  <200B: objectclass_attrs: attribute 
> > 'mayContain' on entry 
> > 'CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com' contains at 
> > least one invalid value!> <>" on DN 
> > CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com at block before 
> > line 31.
> >   
> > 
> First: I've cc-ed samba-technical as extending the schema is still an 
> experimental feature.
> Second: it would be helpful to be able to look at the ldif files you try 
> to load (messages like block before line 31 don't make too much sense 
> without them)
> 
> Regards
> 
> Geza Gemes

Hello, it appears that I have directly sent you some emails at your 
personal email address, sorry for that. I am attaching the 2 files for the list 
and I am also posting their contents here.

sudoers-class.ldif:

dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: classSchema
cn: sudoRole
distinguishedName: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
possSuperiors: container
possSuperiors: top
subClassOf: top
governsID: 1.3.6.1.4.1.15953.9.2.1
mayContain: sudoUser
mayContain: sudoHost
mayContain: sudoCommand
mayContain: sudoRunAs
mayContain: sudoOption
mayContain: sudoRunAsUser
mayContain: sudoRunAsGroup
mayContain: sudoNotBefore
mayContain: sudoNotAfter
mayContain: sudoOrder
rDNAttID: cn
showInAdvancedViewOnly: FALSE
adminDisplayName: sudoRole
adminDescription: Sudoer Entries
objectClassCategory: 1
lDAPDisplayName: sudoRole
name: sudoRole
schemaIDGUID:: SQn432lnZ0+ukbdh3+gN3w==
systemOnly: FALSE
objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=example,DC=com
defaultObjectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com


sudoers.ldif

dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoUser
distinguishedName: CN=sudoUser,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.1
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoUser
adminDescription: User(s) who may run sudo
oMSyntax: 22
searchFlags: 1
lDAPDisplayName: sudoUser
name: sudoUser
schemaIDGUID:: JrGcaKpnoU+0s+HgeFjAbg==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoHost,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoHost
distinguishedName: CN=sudoHost,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.2
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoHost
adminDescription: Host(s) who may run sudo
oMSyntax: 22
lDAPDisplayName: sudoHost
name: sudoHost
schemaIDGUID:: d0TTjg+Y6U28g/Y+ns2k4w==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoCommand,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoCommand
distinguishedName: CN=sudoCommand,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.3
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoCommand
adminDescription: Command(s) to be executed by sudo
oMSyntax: 22

Re: [Samba] samba4 pdc: Import sudoers active directory schema to ldb

2013-06-30 Thread george Nopicture


> Date: Sun, 30 Jun 2013 06:49:26 +0200
> From: g...@kzsdabas.hu
> To: samba@lists.samba.org; mad-proffes...@hotmail.com
> CC: samba-techni...@lists.samba.org
> Subject: Re: [Samba] samba4 pdc: Import sudoers active directory schema to ldb
> 
> On 2013-06-29 11:00, george Nopicture wrote:
> > Hi guys and congrats for bringing a fantastic project to the open source 
> > world. I've set up a samba4 pdc successfully and I am able to do domain 
> > logins. I was also able to add the automount schema into the ldb. But when 
> > it comes to the sudoers schema I can't import it.
> > Further system details:
> > Debian wheezy 7,
> > samba 4.0.6 compiled from source,
> > sudo-ldap standard binary package from repos.
> > I have split the sudoers active directory schema that came with sudo into 2 
> > ldifs (classSchema apart from attributeSchema) and tried to import them 
> > but I had no luck. I googled around but came up with nothing about it.
> > This is the error i get:
> > ERR: (Invalid attribute syntax) "LDAP error 21 
> > LDAP_INVALID_ATTRIBUTE_SYNTAX -  <200B: objectclass_attrs: attribute 
> > 'mayContain' on entry 
> > 'CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com' contains at 
> > least one invalid value!> <>" on DN 
> > CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com at block before 
> > line 31.
> >   
> > 
> First: I've cc-ed samba-technical as extending the schema is still an 
> experimental feature.
> Second: it would be helpful to be able to look at the ldif files you try 
> to load (messages like block before line 31 don't make too much sense 
> without them)
> 
> Regards
> 
> Geza Gemes

Hello, it appears that I have directly sent you some emails at your 
personal email address, sorry for that. I am attaching the 2 files for the list 
and I am also posting their contents here.

sudoers-class.ldif:

dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: classSchema
cn: sudoRole
distinguishedName: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
possSuperiors: container
possSuperiors: top
subClassOf: top
governsID: 1.3.6.1.4.1.15953.9.2.1
mayContain: sudoUser
mayContain: sudoHost
mayContain: sudoCommand
mayContain: sudoRunAs
mayContain: sudoOption
mayContain: sudoRunAsUser
mayContain: sudoRunAsGroup
mayContain: sudoNotBefore
mayContain: sudoNotAfter
mayContain: sudoOrder
rDNAttID: cn
showInAdvancedViewOnly: FALSE
adminDisplayName: sudoRole
adminDescription: Sudoer Entries
objectClassCategory: 1
lDAPDisplayName: sudoRole
name: sudoRole
schemaIDGUID:: SQn432lnZ0+ukbdh3+gN3w==
systemOnly: FALSE
objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=example,DC=com
defaultObjectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com


sudoers.ldif

dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoUser
distinguishedName: CN=sudoUser,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.1
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoUser
adminDescription: User(s) who may run sudo
oMSyntax: 22
searchFlags: 1
lDAPDisplayName: sudoUser
name: sudoUser
schemaIDGUID:: JrGcaKpnoU+0s+HgeFjAbg==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoHost,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoHost
distinguishedName: CN=sudoHost,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.2
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoHost
adminDescription: Host(s) who may run sudo
oMSyntax: 22
lDAPDisplayName: sudoHost
name: sudoHost
schemaIDGUID:: d0TTjg+Y6U28g/Y+ns2k4w==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoCommand,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoCommand
distinguishedName: CN=sudoCommand,CN=Schema,CN=Configuration,DC=example,DC=com
instanceType: 4
attributeID: 1.3.6.1.4.1.15953.9.1.3
attributeSyntax: 2.5.5.5
isSingleValued: FALSE
showInAdvancedViewOnly: TRUE
adminDisplayName: sudoCommand
adminDescription: Command(s) to be executed by sudo
oMSyntax: 22
lDAPDisplayName: sudoCommand
name: sudoCommand
schemaIDGUID:: D6QR4P5UyUen3RGYJCHCPg==
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: top
objectClass: attributeSchema
cn: sudoRunAs
distinguishedName: CN=sudoRunAs,CN=Schema,CN=Conf

[Samba] samba4 pdc: Import sudoers active directory schema to ldb

2013-06-29 Thread george Nopicture
Hi guys and congrats for bringing a fantastic project to the open source world. 
I've set up a samba4 pdc successfully and I am able to do domain logins. I was 
also able to add the automount schema into the ldb. But when it comes to the 
sudoers schema I can't import it. 
Further system details:
Debian wheezy 7,
samba 4.0.6 compiled from source,
sudo-ldap standard binary package from repos.
I have split the sudoers active directory schema that came with sudo into 2 
ldifs (classSchema apart from attributeSchema) and tried to import them but 
I had no luck. I googled around but came up with nothing about it.
This is the error i get:
ERR: (Invalid attribute syntax) "LDAP error 21 LDAP_INVALID_ATTRIBUTE_SYNTAX -  
<200B: objectclass_attrs: attribute 'mayContain' on entry 
'CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com' contains at least 
one invalid value!> <>" on DN 
CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com at block before line 
31.
 
  
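The error in this thread names `mayContain` on the sudoRole class, so one thing worth ruling out before an import is a `mayContain` value with no matching attributeSchema definition. The following pre-import check is an added example, not code from the thread or from Samba; the function names are hypothetical, the sample LDIF is constructed (shortened from the files posted above), and attributes that already exist in the directory must be passed in through `known`.

```python
import base64

REF_ATTRS = ("maycontain", "mustcontain", "systemmaycontain", "systemmustcontain")

def parse_ldif(text):
    """Return LDIF records as dicts of lower-cased attribute name -> list of values."""
    records = []
    # Unfold continuation lines (newline + one space), then split on blank lines.
    for block in text.replace("\r\n", "\n").replace("\n ", "").split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            rec.setdefault(name.strip().lower(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records

def undefined_references(class_ldif, attr_ldif, known=()):
    """Map each classSchema name to the attributes it references that are not defined."""
    defined = {n.lower() for n in known}  # attributes already in the directory (assumption)
    for rec in parse_ldif(attr_ldif):
        if "attributeschema" in (v.lower() for v in rec.get("objectclass", [])):
            defined.update(v.lower() for v in rec.get("ldapdisplayname", []))
    problems = {}
    for rec in parse_ldif(class_ldif):
        if "classschema" not in (v.lower() for v in rec.get("objectclass", [])):
            continue
        missing = [v for key in REF_ATTRS for v in rec.get(key, []) if v.lower() not in defined]
        if missing:
            problems[rec.get("ldapdisplayname", rec.get("dn", ["?"]))[0]] = missing
    return problems

# Constructed sample, shortened from the LDIF posted in the thread.
SAMPLE_CLASS = """\
dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: classSchema
lDAPDisplayName: sudoRole
mayContain: sudoUser
mayContain: sudoOrder
"""
SAMPLE_ATTRS = """\
dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: sudoUser
"""
print(undefined_references(SAMPLE_CLASS, SAMPLE_ATTRS))
```

An empty result only means every referenced name is defined in the supplied LDIF or in `known`; it does not validate syntax OIDs or other schema constraints.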