> Joseph Fry via FreeIPA-users wrote:
>
> It needs an exact match to what is in the schema. Try this:
>
> dn: cn=schema
> remove: objectClasses: ( 1.2.840.113556.1.3.30 NAME 'Computers' DESC 'AD
> Computers' SUP top STRUCTURAL MAY cn X-ORIGIN 'user defined' )
>
> rob
That worked... in fact what
Joseph Fry via FreeIPA-users wrote:
>> Thanks Rob... one problem, the objectclass name is
>> 'computer', and I missed it.
>>
>> What is the proper update syntax to remove the objectclass from the schema.
>>
>> I tried the following but it didn't work:
>> dn: cn=schema
>> remove: objectClasses: (1.2
> Thanks Rob... one problem, the objectclass name is
> 'computer', and I missed it.
>
> What is the proper update syntax to remove the objectclass from the schema.
>
> I tried the following but it didn't work:
> dn: cn=schema
> remove: objectClasses: (1.2.840.113556.1.3.30 NAME 'Computers' DESC '
> Joseph Fry via FreeIPA-users wrote:
>
> I didn't search particularly hard for what the AD Computers objectclass
> is supposed to look like but I think I found the OID anyway. Something
> like this is a bare-bones representation that *might* work. It's
> basically untested other than it didn't bu
Joseph Fry via FreeIPA-users wrote:
>> On ti, 20 heinä 2021, Joseph Fry via FreeIPA-users wrote:
>>
>> Regardless what compatibility plugin represents, the resulting entries
>> are processed by 389-ds LDAP server core. They have to follow the logic
>> and rules defined in 389-ds.
>>
>> As Rob said,
> On ti, 20 heinä 2021, Joseph Fry via FreeIPA-users wrote:
>
> Regardless what compatibility plugin represents, the resulting entries
> are processed by 389-ds LDAP server core. They have to follow the logic
> and rules defined in 389-ds.
>
> As Rob said, defining an object class for 'computer'
On ti, 20 heinä 2021, Joseph Fry via FreeIPA-users wrote:
Thanks Rob, I figured that would be the answer.
That said, do you think it is worth filing a bug report / feature
request. I see no reason to do schema validation on the objects
created by the compatibility plugin.
- Adds unnecessary lo
Thanks Rob, I figured that would be the answer.
That said, do you think it is worth filing a bug report / feature request. I
see no reason to do schema validation on the objects created by the
compatibility plugin.
- Adds unnecessary load on the server (checks the schema twice for every
obje
Joseph Fry via FreeIPA-users wrote:
> Unfortunately, the objectclass is the most important part. The client will
> only recognize the 'computer' object class as something it can import; as it
> requires the groups and groupOfNames object classes on the groups per the
> block below or import fai
Unfortunately, the objectclass is the most important part. The client will
only recognize the 'computer' object class as something it can import; as it
requires the groups and groupOfNames object classes on the groups per the block
below or import fails:
dn: cn=adcomputergroups, cn=Schema Comp
Joseph Fry via FreeIPA-users wrote:
> Tried adding the extensibleObject class as a
> "default:schema-compat-entry-attribute" and it just results in an extra error:
>
> [16/Jul/2021:15:06:28.366345301 -0400] - ERR - slapi_entry_schema_check_ext -
> Entry "cn=test.lab.local,cn=adcomputers,cn=compa
Tried adding the extensibleObject class as a
"default:schema-compat-entry-attribute" and it just results in an extra error:
[16/Jul/2021:15:06:28.366345301 -0400] - ERR - slapi_entry_schema_check_ext -
Entry "cn=test.lab.local,cn=adcomputers,cn=compat,dc=lab,dc=local" has unknown
object class "
On to, 15 heinä 2021, Joseph Fry via FreeIPA-users wrote:
So I provided the solution detailed above to my customer and they are
putting it through its paces. One thing they noticed was that the
directory errors log (e.g. /var/log/dirsrv/slapd-LAB-LOCAL/errors) is
reporting an unknown object clas
So I provided the solution detailed above to my customer and they are putting
it through its paces. One thing they noticed was that the directory errors log
(e.g. /var/log/dirsrv/slapd-LAB-LOCAL/errors) is reporting an unknown object
class:
[15/Jul/2021:15:09:15.046703678 -0400] - ERR - slapi_
> On ma, 28 kesä 2021, Joseph Fry via FreeIPA-users wrote:
>
> %deref() looks for directly referenced entries' content. %deref_r()
> chases all links by the attribute until the end. It allows you do
> hierarchical group traversal. This is all described in the
> format-specifiers.txt documentation.
On ma, 28 kesä 2021, Joseph Fry via FreeIPA-users wrote:
Perfect, thanks!
Just curious... Can you explain why %deref_r works in this line, but
just a plain %deref does't? default:schema-compat-entry-attribute:
member=cn=%deref_r("member","fqdn"),cn=adcomputers,cn=compat,$SUFFIX
Essentially I a
Perfect, thanks!
Just curious... Can you explain why %deref_r works in this line, but just a
plain %deref does't?
default:schema-compat-entry-attribute:
member=cn=%deref_r("member","fqdn"),cn=adcomputers,cn=compat,$SUFFIX
Essentially I am just taking the fqdn of the ipahost member attribute a
Joseph Fry via FreeIPA-users wrote:
> Thanks for that, would have been useful.
>
> However it still doesn't lay out all of the functions. I had to figure out
> that %deref_r allowed me to do a %deref but append a string to every result,
> through trial and error.
>
> I never did figure out wha
Thanks for that, would have been useful.
However it still doesn't lay out all of the functions. I had to figure out
that %deref_r allowed me to do a %deref but append a string to every result,
through trial and error.
I never did figure out what the %deref_f , %deref_rf, %link and %collect
fu
Hi,
the doc for the schema compatibility plugin is available here:
- https://pagure.io/slapi-nis/blob/master/f/doc/sch-getting-started.txt
- https://pagure.io/slapi-nis/blob/master/f/doc/sch-configuration.txt
HTH,
flo
On Mon, Jun 28, 2021 at 4:28 PM Rob Crittenden via FreeIPA-users <
freei
Joseph Fry via FreeIPA-users wrote:
> Well, I managed to figure out the %deref_r directive is what I was looking
> for and got my update file working. I am posting it here for anyone who
> wants to do the same. Its actually pretty simple... just creates two
> containers in compat, one contains
Well, I managed to figure out the %deref_r directive is what I was looking for
and got my update file working. I am posting it here for anyone who wants to
do the same. Its actually pretty simple... just creates two containers in
compat, one contains pseudo entries for every host, and the othe
Replying to myself again... sorry. While that reference is helpful, its
incomplete.
https://pagure.io/freeipa/raw/master/f/install/updates/80-schema_compat.update
shows several directives that are not described.
%deref_f
%deref_rf
%link
%collect
Is there better documentation of this template
Sorry for replying to myself... I think I found the reference I needed. Seen
this page 100 times, and I guess I didn't read far enough down.
https://www.freeipa.org/page/FreeIPAv2:Schema_Compatibility_Plug-in_Design#deref.28THISATTRIBUTE.2CTHATATTRIBUTE.29
___
24 matches
Mail list logo
