-rw-r--r--source4/lib/ldb/tools/ad2oLschema.c201
-rw-r--r--source4/lib/ldb/tools/convert.c2
-rw-r--r--source4/setup/provision_init.ldif2
-rw-r--r--source4/setup/schema-map-openldap-2.331
-rw-r--r--source4/setup/schema.ldif26
-rw-r--r--source4/setup/schema_samba4.ldif14
6 files changed, 191 insertions, 85 deletions
diff --git a/source4/lib/ldb/tools/ad2oLschema.c b/source4/lib/ldb/tools/ad2oLschema.c
index 75b03dd3b0..fba2966a2e 100644
--- a/source4/lib/ldb/tools/ad2oLschema.c
+++ b/source4/lib/ldb/tools/ad2oLschema.c
@@ -105,6 +105,11 @@ static const char *oc_attrs[] = {
"governsID",
"description",
"subClassOf",
+ "objectClassCategory",
+ "mustContain",
+ "systemMustContain",
+ "mayContain",
+ "systemMayContain",
NULL
};
@@ -229,6 +234,14 @@ static struct ldb_dn *find_schema_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ct
return schemadn;
}
+#define IF_NULL_FAIL_RET(x) do { \
+ if (!x) { \
+ ret.failures++; \
+ return ret; \
+ } \
+ } while (0)
+
+
static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_target target, FILE *in, FILE *out)
{
/* Read list of attributes to skip, OIDs to map */
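Review bot: `IF_NULL_FAIL_RET` expands its argument unparenthesized in `if (!x)`, so an expression argument such as `a == b` would have only its first operand negated; write `if (!(x)) { \`. The macro also hides a `return ret;` and depends on a local named `ret` in the caller, which deserves a comment above the definition, e.g. `/* On NULL x: count a failure in the local 'ret' and return it from the enclosing function */`. `process_convert` begins in this hunk and continues beyond it, so whether `mem_ctx` is released on these early returns cannot be checked from here.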
@@ -242,6 +255,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_
} *oid_map = NULL;
int num_maps = 0;
struct ldb_result *attrs_res, *objectclasses_res;
+ struct ldb_message *msg;
struct ldb_dn *schemadn;
struct schema_conv ret;
@@ -252,24 +266,36 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_
ret.failures = 0;
while ((line = afdgets(fileno(in), mem_ctx, 0))) {
- if (!*line) {
- break;
+ /* Blank Line */
+ if (line[0] == '\0') {
+ continue;
+ }
+ /* Comment */
+ if (line[0] == '#') {
+ continue;
}
- if (isdigit(*line)) {
+ if (isdigit(line[0])) {
char *p = strchr(line, ':');
+ IF_NULL_FAIL_RET(p);
if (!p) {
ret.failures = 1;
return ret;
}
+ p[0] = '\0';
p++;
oid_map = talloc_realloc(mem_ctx, oid_map, struct oid_map, num_maps + 2);
+ trim_string(line, " ", " ");
oid_map[num_maps].old_oid = talloc_steal(oid_map, line);
+ trim_string(p, " ", " ");
oid_map[num_maps].new_oid = p;
num_maps++;
oid_map[num_maps].old_oid = NULL;
} else {
attrs_skip = talloc_realloc(mem_ctx, attrs_skip, const char *, num_skip + 2);
+ trim_string(line, " ", " ");
attrs_skip[num_skip] = talloc_steal(attrs_skip, line);
+ num_skip++;
+ attrs_skip[num_skip] = NULL;
}
}
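Review bot: Both `talloc_realloc` calls in the map-file loop store their result and index it a line later without a NULL check, so an allocation failure becomes a NULL dereference; add `IF_NULL_FAIL_RET(oid_map);` and `IF_NULL_FAIL_RET(attrs_skip);` directly after the respective calls. The `if (!p) { ... }` block kept after `IF_NULL_FAIL_RET(p);` can no longer be reached and should be deleted, as should the `if (!schema_entry)` checks left behind the macro in the `-427` and `-434` hunks. `isdigit(line[0])` receives a plain `char`; `isdigit((unsigned char)line[0])` avoids undefined behaviour for bytes above 0x7f in the map file. The loop sits inside `process_convert`, whose body extends past this hunk.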
@@ -288,17 +314,19 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_
}
for (i=0; i < attrs_res->count; i++) {
- const char *name = ldb_msg_find_attr_as_string(attrs_res->msgs[i], "lDAPDisplayName", NULL);
- const char *description = ldb_msg_find_attr_as_string(attrs_res->msgs[i], "description", NULL);
- const char *oid = ldb_msg_find_attr_as_string(attrs_res->msgs[i], "attributeID", NULL);
- const char *syntax = ldb_msg_find_attr_as_string(attrs_res->msgs[i], "attributeSyntax", NULL);
- BOOL single_value = ldb_msg_find_attr_as_bool(attrs_res->msgs[i], "isSingleValued", False);
+ msg = attrs_res->msgs[i];
+
+ const char *name = ldb_msg_find_attr_as_string(msg, "lDAPDisplayName", NULL);
+ const char *description = ldb_msg_find_attr_as_string(msg, "description", NULL);
+ const char *oid = ldb_msg_find_attr_as_string(msg, "attributeID", NULL);
+ const char *syntax = ldb_msg_find_attr_as_string(msg, "attributeSyntax", NULL);
+ BOOL single_value = ldb_msg_find_attr_as_bool(msg, "isSingleValued", False);
const struct syntax_map *map = find_syntax_map_by_ad_oid(syntax);
char *schema_entry = NULL;
int j;
/* We have been asked to skip some attributes/objectClasses */
- if (in_list(attrs_skip, name, False)) {
+ if (str_list_check_ci(attrs_skip, name)) {
ret.skipped++;
continue;
}
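Review bot: The assignment `msg = attrs_res->msgs[i];` now precedes the block's declarations, mixing statements and declarations; declaring it in the loop as `struct ldb_message *msg = attrs_res->msgs[i];` keeps the block declaration-first and makes the function-level `msg` unnecessary. The objectClass loop in the `-394` hunk has the same shape. `name` defaults to NULL when `lDAPDisplayName` is missing and goes straight into `str_list_check_ci(attrs_skip, name)`, and `attrs_skip` presumably stays NULL when the map file lists nothing to skip; the helper is not shown, so confirm it accepts NULL for both or guard before the call. The loop body continues beyond this hunk.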
@@ -323,61 +351,49 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_
" %s\n", oid);
break;
}
- if (!schema_entry) {
- ret.failures++;
- break;
- }
+ IF_NULL_FAIL_RET(schema_entry);
schema_entry = talloc_asprintf_append(schema_entry,
" NAME '%s'\n", name);
- if (!schema_entry) {
- ret.failures++;
- return ret;
- }
-
- if (!schema_entry) return ret;
+ IF_NULL_FAIL_RET(schema_entry);
if (description) {
schema_entry = talloc_asprintf_append(schema_entry,
" DESC %s\n", description);
- if (!schema_entry) {
- ret.failures++;
- return ret;
- }
+ IF_NULL_FAIL_RET(schema_entry);
}
if (map) {
+ const char *syntax_oid;
if (map->equality) {
schema_entry = talloc_asprintf_append(schema_entry,
" EQUALITY %s\n", map->equality);
- if (!schema_entry) {
- ret.failures++;
- return ret;
- }
+ IF_NULL_FAIL_RET(schema_entry);
}
if (map->substring) {
schema_entry = talloc_asprintf_append(schema_entry,
- " SUBSTRING %s\n", map->substring);
- if (!schema_entry) {
- ret.failures++;
- return ret;
+ " SUBSTR %s\n", map->substring);
+ IF_NULL_FAIL_RET(schema_entry);
+ }
+ syntax_oid = map->Standard_OID;
+ /* We might have been asked to remap this oid,
+ * due to a conflict, or lack of
+ * implementation */
+ for (j=0; syntax_oid && oid_map[j].old_oid; j++) {
+ if (strcmp(syntax_oid, oid_map[j].old_oid) == 0) {
+ syntax_oid = oid_map[j].new_oid;
+ break;
}
}
schema_entry = talloc_asprintf_append(schema_entry,
- " SYNTAX %s\n", map->Standard_OID);
- if (!schema_entry) {
- ret.failures++;
- return ret;
- }
+ " SYNTAX %s\n", syntax_oid);
+ IF_NULL_FAIL_RET(schema_entry);
}
if (single_value) {
schema_entry = talloc_asprintf_append(schema_entry,
" SINGLE-VALUE\n");
- if (!schema_entry) {
- ret.failures++;
- return ret;
- }
+ IF_NULL_FAIL_RET(schema_entry);
}
schema_entry = talloc_asprintf_append(schema_entry,
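Review bot: The new syntax-OID remap loop reads `oid_map[j].old_oid` unconditionally, but `oid_map` is initialised to NULL and only allocated when the map file contains an `old:new` line, so a map file without OID entries leads to a NULL dereference here; guard it with `for (j=0; syntax_oid && oid_map && oid_map[j].old_oid; j++) {`. If `map->Standard_OID` is NULL, the following `" SYNTAX %s\n"` append is handed a NULL string, so the SYNTAX line is better skipped in that case. The enclosing loop starts and ends outside this hunk.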
@@ -394,15 +410,21 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_
}
for (i=0; i < objectclasses_res->count; i++) {
- const char *name = ldb_msg_find_attr_as_string(objectclasses_res->msgs[i], "lDAPDisplayName", NULL);
- const char *description = ldb_msg_find_attr_as_string(objectclasses_res->msgs[i], "description", NULL);
- const char *oid = ldb_msg_find_attr_as_string(objectclasses_res->msgs[i], "governsID", NULL);
- const char *subClassOf = ldb_msg_find_attr_as_string(objectclasses_res->msgs[i], "subClassOf", NULL);
+ msg = objectclasses_res->msgs[i];
+ const char *name = ldb_msg_find_attr_as_string(msg, "lDAPDisplayName", NULL);
+ const char *description = ldb_msg_find_attr_as_string(msg, "description", NULL);
+ const char *oid = ldb_msg_find_attr_as_string(msg, "governsID", NULL);
+ const char *subClassOf = ldb_msg_find_attr_as_string(msg, "subClassOf", NULL);
+ int objectClassCategory = ldb_msg_find_attr_as_int(msg, "objectClassCategory", 0);
+ struct ldb_message_element *must = ldb_msg_find_element(msg, "mustContain");
+ struct ldb_message_element *sys_must = ldb_msg_find_element(msg, "systemMustContain");
+ struct ldb_message_element *may = ldb_msg_find_element(msg, "mayContain");
+ struct ldb_message_element *sys_may = ldb_msg_find_element(msg, "systemMayContain");
char *schema_entry = NULL;
int j;
/* We have been asked to skip some attributes/objectClasses */
- if (in_list(attrs_skip, name, False)) {
+ if (str_list_check_ci(attrs_skip, name)) {
ret.skipped++;
continue;
}
@@ -418,7 +440,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_
switch (target) {
case TARGET_OPENLDAP:
schema_entry = talloc_asprintf(mem_ctx,
- "objectClass (\n"
+ "objectclass (\n"
" %s\n", oid);
break;
case TARGET_FEDORA_DS:
@@ -427,6 +449,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_
" %s\n", oid);
break;
}
+ IF_NULL_FAIL_RET(schema_entry);
if (!schema_entry) {
ret.failures++;
break;
@@ -434,29 +457,93 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_
schema_entry = talloc_asprintf_append(schema_entry,
" NAME '%s'\n", name);
- if (!schema_entry) {
- ret.failures++;
- return ret;
- }
+ IF_NULL_FAIL_RET(schema_entry);
if (!schema_entry) return ret;
if (description) {
schema_entry = talloc_asprintf_append(schema_entry,
" DESC %s\n", description);
- if (!schema_entry) {
- ret.failures++;
- return ret;
- }
+ IF_NULL_FAIL_RET(schema_entry);
}
if (subClassOf) {
schema_entry = talloc_asprintf_append(schema_entry,
" SUP %s\n", subClassOf);
- if (!schema_entry) {
- ret.failures++;
- return ret;
+ IF_NULL_FAIL_RET(schema_entry);
+ }
+
+ switch (objectClassCategory) {
+ case 1:
+ schema_entry = talloc_asprintf_append(schema_entry,
+ " STRUCTURAL\n");
+ IF_NULL_FAIL_RET(schema_entry);
+ break;
+ case 2:
+ schema_entry = talloc_asprintf_append(schema_entry,
+ " ABSTRACT\n");
+ IF_NULL_FAIL_RET(schema_entry);
+ break;
+ case 3:
+ schema_entry = talloc_asprintf_append(schema_entry,
+ " AUXILIARY\n");
+ IF_NULL_FAIL_RET(schema_entry);
+ break;
+ }
+
+#define APPEND_ATTRS(attributes) \
+ do { \
+ int k; \
+ for (k=0; attributes && k < attributes->num_values; k++) { \
+ schema_entry = talloc_asprintf_append(schema_entry, \
+ " %s", \
+ (const char *)attributes->values[k].data); \
+ IF_NULL_FAIL_RET(schema_entry); \
+ if (k != (attributes->num_values - 1)) { \
+ schema_entry = talloc_asprintf_append(schema_entry, \
+ " $"); \
+ IF_NULL_FAIL_RET(schema_entry); \
+ if ((k+1)%5 == 0) { \
+ schema_entry = talloc_asprintf_append(schema_entry, \
+ "\n "); \
+ IF_NULL_FAIL_RET(schema_entry); \
+ } \
+ } \
+ } \
+ } while (0)
+
+ if (must || sys_must) {
+ schema_entry = talloc_asprintf_append(schema_entry,
+ " MUST (");
+ IF_NULL_FAIL_RET(schema_entry);
+
+ APPEND_ATTRS(must);
+ if (must && sys_must) {
+ schema_entry = talloc_asprintf_append(schema_entry, \
+ " $"); \
}
+ APPEND_ATTRS(sys_must);
+
+ schema_entry = talloc_asprintf_append(schema_entry,
+ ")\n");
+ IF_NULL_FAIL_RET(schema_entry);
+ }
+
+ if (may || sys_may) {
+ schema_entry = talloc_asprintf_append(schema_entry,
+ " MAY (");
+ IF_NULL_FAIL_RET(schema_entry);
+
+ APPEND_ATTRS(may);
+ if (may && sys_may) {
+ schema_entry = talloc_asprintf_append(schema_entry, \
+ " $"); \
+ }
+ APPEND_ATTRS(sys_may);
+
+ schema_entry = talloc_asprintf_append(schema_entry,
+ " )\n");
+ IF_NULL_FAIL_RET(schema_entry);
}
schema_entry = talloc_asprintf_append(schema_entry,
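Review bot: The two separator appends between the list halves, `schema_entry = talloc_asprintf_append(schema_entry, " $");` in the MUST and MAY branches, are the only appends in this hunk not followed by `IF_NULL_FAIL_RET(schema_entry);`, and they end in stray `\` continuations copied from the macro; drop the backslashes and add the check after each. `APPEND_ATTRS` is defined inside the loop body, never undefined, and uses its parameter unparenthesized; hoisting it next to `IF_NULL_FAIL_RET` and writing `(attributes)` would be cleaner. `k` is an `int` compared against `attributes->num_values`, and the `%s` of `values[k].data` assumes the value is NUL-terminated, which this hunk does not establish. MUST closes with `")\n"` while MAY closes with `" )\n"`; pick one form. The enclosing loop starts and ends outside the hunk.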
diff --git a/source4/lib/ldb/tools/convert.c b/source4/lib/ldb/tools/convert.c
index 222bb3cfd0..35f56f51d3 100644
--- a/source4/lib/ldb/tools/convert.c
+++ b/source4/lib/ldb/tools/convert.c
@@ -48,7 +48,7 @@ static const struct syntax_map syntax_map[] = {
.comment = "Case Insensitive String"
},
{
- .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.44",
+ .Standard_OID = "1.3.6.1.4.1.1466.115.121.1.26",
.AD_OID = "2.5.5.5",
.equality = "caseExactIA5Match",
.comment = "Printable String"
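Review bot: The entry's `.comment` still reads "Printable String" although `.Standard_OID` now ends in `.26`, which is the IA5 String syntax in the standard LDAP syntax list (`.44` is Printable String). Either update the text, e.g. `.comment = "IA5 String"`, or add a comment on the entry explaining that AD syntax `2.5.5.5` is deliberately mapped to IA5 String to agree with `caseExactIA5Match`. The table continues outside this hunk.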
diff --git a/source4/setup/provision_init.ldif b/source4/setup/provision_init.ldif
index 7414368d44..914184a35b 100644
--- a/source4/setup/provision_init.ldif
+++ b/source4/setup/provision_init.ldif
@@ -10,6 +10,8 @@ dn: @INDEXLIST
@IDXATTR: unixName
@IDXATTR: privilege
@IDXATTR: nCName
+@IDXATTR: lDAPDisplayName
+@IDXATTR: subClassOf
dn: @ATTRIBUTES
userPrincipalName: CASE_INSENSITIVE
diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3
new file mode 100644
index 0000000000..f270b983c5
--- /dev/null
+++ b/source4/setup/schema-map-openldap-2.3
@@ -0,0 +1,31 @@
+#Standard OpenLDAP attributes
+name
+labeledURI
+objectClasses
+createTimeStamp
+attributeTypes
+objectClass
+userPassword
+seeAlso
+uid
+subSchemaSubEntry
+structuralObjectClass
+modifyTimeStamp
+distinguishedName
+description
+cn
+dITContentRules
+top
+#Skip ObjectClasses
+subSchema
+#
+#MiddleName has a conflicting OID
+2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.1.8
+#This large integer format is unimplemented in OpenLDAP 2.3
+1.2.840.113556.1.4.906:1.3.6.1.4.1.1466.115.121.1.27
+#This case insensitive string isn't available
+1.2.840.113556.1.4.905:1.3.6.1.4.1.1466.115.121.1.44
+#This type of DN isn't in OpenLDAP
+1.2.840.113556.1.4.903:1.3.6.1.4.1.1466.115.121.1.12
+#Treat Security Descriptors as binary
+1.2.840.113556.1.4.907:1.3.6.1.4.1.1466.115.121.1.40
\ No newline at end of file
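Review bot: The file gives no description of its own format, which is defined only by the parser in `ad2oLschema.c`: a line starting with a digit is split at `:` into an old and a new OID, `#` starts a comment, and any other line is a name to skip. A header such as `# One name to skip per line, or OLD_OID:NEW_OID to remap an OID; lines starting with '#' are comments` would make that explicit. `top` is an objectClass but sits in the block headed "Standard OpenLDAP attributes", above the `#Skip ObjectClasses` heading. The file also ends without a trailing newline.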
diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif
index f4d31a5ed0..6f8f62d080 100644
--- a/source4/setup/schema.ldif
+++ b/source4/setup/schema.ldif
@@ -568,19 +568,19 @@ adminDisplayName: houseIdentifier
attributeID: 2.5.4.51
attributeSyntax: 2.5.5.12
-#dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
-#cn: middleName
-#name: middleName
-#objectClass: top
-#objectClass: attributeSchema
-#lDAPDisplayName: middleName
-#isSingleValued: TRUE
-#systemFlags: 16
-#systemOnly: FALSE
-#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
-#adminDisplayName: Other-Name
-#attributeID: 2.16.840.1.113730.3.1.34
-#attributeSyntax: 2.5.5.12
+dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
+cn: middleName
+name: middleName
+objectClass: top
+objectClass: attributeSchema
+lDAPDisplayName: middleName
+isSingleValued: TRUE
+systemFlags: 16
+systemOnly: FALSE
+schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
+adminDisplayName: Other-Name
+attributeID: 2.16.840.1.113730.3.1.34
+attributeSyntax: 2.5.5.12
dn: CN=replTopologyStayOfExecution,CN=Schema,CN=Configuration,${BASEDN}
cn: replTopologyStayOfExecution
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index 94b79bd31f..61af0936dc 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -106,20 +106,6 @@ adminDisplayName: Privilege
attributeID: 1.3.6.1.4.1.7165.4.1.7
attributeSyntax: 2.5.5.4
-dn: CN=middleName,CN=Schema,CN=Configuration,${BASEDN}
-cn: middleName
-name: middleName
-objectClass: top
-objectClass: attributeSchema
-lDAPDisplayName: middleName
-sSingleValued: TRUE
-systemFlags: 16
-systemOnly: FALSE
-schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
-adminDisplayName: Other-Name
-attributeID: 1.3.6.1.4.1.7165.4.1.8
-attributeSyntax: 2.5.5.12
-
dn: CN=unixName,CN=Schema,CN=Configuration,${BASEDN}
cn: unixName
name: unixName