summaryrefslogtreecommitdiff
path: root/source4/lib
diff options
context:
space:
mode:
Diffstat (limited to 'source4/lib')
-rw-r--r--source4/lib/ldb/Makefile.ldb6
-rw-r--r--source4/lib/ldb/modules/schema.c65
-rw-r--r--source4/lib/ldb/tests/schema-add-test.ldif66
-rw-r--r--source4/lib/ldb/tests/schema-mod-test.ldif25
-rw-r--r--source4/lib/ldb/tests/schema.ldif634
-rwxr-xr-xsource4/lib/ldb/tests/test-schema.sh20
6 files changed, 764 insertions, 52 deletions
diff --git a/source4/lib/ldb/Makefile.ldb b/source4/lib/ldb/Makefile.ldb
index 29d33007da..791a345f72 100644
--- a/source4/lib/ldb/Makefile.ldb
+++ b/source4/lib/ldb/Makefile.ldb
@@ -96,7 +96,11 @@ test-ldap:
@echo "STARTING LDAP BACKEND TEST"
tests/test-ldap.sh
-test: test-tdb test-ldap
+test-schema:
+ @echo "STARTING SCHEMA MODULE TEST"
+ tests/test-schema.sh
+
+test: test-tdb test-ldap test-schema
gcov:
gcov -po ldb_ldap ldb_ldap/*.c 2| tee ldb_ldap.report.gcov
diff --git a/source4/lib/ldb/modules/schema.c b/source4/lib/ldb/modules/schema.c
index 7a772d87aa..97cc26a0dd 100644
--- a/source4/lib/ldb/modules/schema.c
+++ b/source4/lib/ldb/modules/schema.c
@@ -32,6 +32,7 @@
* Author: Simo Sorce
*/
+#include <ctype.h>
#include "includes.h"
#include "ldb/include/ldb.h"
#include "ldb/include/ldb_private.h"
@@ -74,7 +75,6 @@ static struct attribute_syntax attrsyn[] = {
struct private_data {
- struct ldb_context *schema_db;
const char *error_string;
};
@@ -273,6 +273,7 @@ static int get_attr_list_recursive(struct ldb_module *module, struct ldb_context
}
if (!ok) {
/* Schema Violation: Object Class Description Not Found */
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Objectclass %s not found.\n", schema_struct->objectclass_list[i].name);
data->error_string = "ObjectClass not found";
return -1;
}
@@ -280,11 +281,13 @@ static int get_attr_list_recursive(struct ldb_module *module, struct ldb_context
} else {
if (ret < 0) {
/* Schema DB Error: Error occurred retrieving Object Class Description */
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Error retrieving Objectclass %s.\n", schema_struct->objectclass_list[i].name);
data->error_string = "Internal error. Error retrieving schema objectclass";
return -1;
}
if (ret > 1) {
/* Schema DB Error: Too Many Records */
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Too many records found retrieving Objectclass %s.\n", schema_struct->objectclass_list[i].name);
data->error_string = "Internal error. Too many records searching for schema objectclass";
return -1;
}
@@ -393,7 +396,7 @@ static int schema_add_record(struct ldb_module *module, const struct ldb_message
}
/* find all other objectclasses recursively */
- ret = get_attr_list_recursive(module, data->schema_db, entry_structs);
+ ret = get_attr_list_recursive(module, module->ldb, entry_structs);
if (ret != 0) {
talloc_free(entry_structs);
return ret;
@@ -413,7 +416,8 @@ static int schema_add_record(struct ldb_module *module, const struct ldb_message
}
if ( ! found ) {
- data->error_string = "Objectclass violation, a required attribute is mischema_structing";
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "The required attribute %s is missing.\n", entry_structs->must[i].name);
+ data->error_string = "Objectclass violation, a required attribute is missing";
talloc_free(entry_structs);
return -1;
}
@@ -435,6 +439,7 @@ static int schema_add_record(struct ldb_module *module, const struct ldb_message
}
if ( ! found ) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "The attribute %s is not referenced by any objectclass.\n", entry_structs->check_list[i].name);
data->error_string = "Objectclass violation, an invalid attribute name was found";
talloc_free(entry_structs);
return -1;
@@ -487,7 +492,7 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess
}
/* find all modify objectclasses recursively if any objectclass is being added */
- ret = get_attr_list_recursive(module, data->schema_db, modify_structs);
+ ret = get_attr_list_recursive(module, module->ldb, modify_structs);
if (ret != 0) {
talloc_free(entry_structs);
return ret;
@@ -501,7 +506,7 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess
}
/* find all other objectclasses recursively */
- ret = get_attr_list_recursive(module, data->schema_db, entry_structs);
+ ret = get_attr_list_recursive(module, module->ldb, entry_structs);
if (ret != 0) {
talloc_free(entry_structs);
return ret;
@@ -517,6 +522,7 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess
for (j = 0; j < entry_structs->must_num; j++) {
if (schema_attr_cmp(entry_structs->must[j].name, modify_structs->check_list[i].name) == 0) {
if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) == SCHEMA_FLAG_MOD_DELETE) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Trying to delete the required attribute %s.\n", modify_structs->check_list[i].name);
data->error_string = "Objectclass violation: trying to delete a required attribute";
talloc_free(entry_structs);
return -1;
@@ -544,6 +550,7 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess
for (j = 0; j < modify_structs->check_list_num; j++) {
if (schema_attr_cmp(modify_structs->must[i].name, modify_structs->check_list[j].name) == 0) {
if ((modify_structs->check_list[i].flags & SCHEMA_FLAG_MOD_MASK) == SCHEMA_FLAG_MOD_DELETE) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Trying to delete the required attribute %s.\n", modify_structs->must[i].name);
data->error_string = "Objectclass violation: trying to delete a required attribute";
talloc_free(entry_structs);
return -1;
@@ -555,6 +562,7 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess
}
if ( ! found ) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "The required attribute %s is missing.\n", modify_structs->must[i].name);
data->error_string = "Objectclass violation, a required attribute is missing";
talloc_free(entry_structs);
return -1;
@@ -578,6 +586,7 @@ static int schema_modify_record(struct ldb_module *module, const struct ldb_mess
}
if ( ! found ) {
+ ldb_debug(module->ldb, LDB_DEBUG_ERROR, "The attribute %s is not referenced by any objectclass.\n", modify_structs->check_list[i].name);
data->error_string = "Objectclass violation, an invalid attribute name was found";
talloc_free(entry_structs);
return -1;
@@ -641,9 +650,6 @@ static const struct ldb_module_ops schema_ops = {
schema_errstring,
};
-#define SCHEMA_PREFIX "schema:"
-#define SCHEMA_PREFIX_LEN 7
-
#ifdef HAVE_DLOPEN_DISABLED
struct ldb_module *init_module(struct ldb_context *ldb, const char *options[])
#else
@@ -652,58 +658,15 @@ struct ldb_module *schema_module_init(struct ldb_context *ldb, const char *optio
{
struct ldb_module *ctx;
struct private_data *data;
- char *db_url = NULL;
- int i;
ctx = talloc(ldb, struct ldb_module);
if (!ctx) {
return NULL;
}
- if (options) {
- for (i = 0; options[i] != NULL; i++) {
- if (strncmp(options[i], SCHEMA_PREFIX, SCHEMA_PREFIX_LEN) == 0) {
- db_url = talloc_strdup(ctx, &options[i][SCHEMA_PREFIX_LEN]);
- SCHEMA_TALLOC_CHECK(ctx, db_url, NULL);
- }
- }
- }
-
- if (!db_url) { /* search if it is defined in the calling ldb */
- int ret;
- const char * attrs[] = { "@SCHEMADB", NULL };
- struct ldb_message **msgs;
-
- ret = ldb_search(ldb, "", LDB_SCOPE_BASE, "dn=@MODULES", (const char * const *)attrs, &msgs);
- if (ret == 0) {
- ldb_debug(ldb, LDB_DEBUG_TRACE, "Schema DB not found\n");
- ldb_search_free(ldb, msgs);
- return NULL;
- } else {
- if (ret < 0) {
- ldb_debug(ldb, LDB_DEBUG_FATAL, "ldb error (%s) occurred searching for schema db, bailing out!\n", ldb_errstring(ldb));
- ldb_search_free(ldb, msgs);
- return NULL;
- }
- if (ret > 1) {
- ldb_debug(ldb, LDB_DEBUG_FATAL, "Too many records found, bailing out\n");
- ldb_search_free(ldb, msgs);
- return NULL;
- }
-
- db_url = talloc_strndup(ctx, msgs[0]->elements[0].values[0].data, msgs[0]->elements[0].values[0].length);
- SCHEMA_TALLOC_CHECK(ctx, db_url, NULL);
- }
-
- ldb_search_free(ldb, msgs);
- }
-
data = talloc(ctx, struct private_data);
SCHEMA_TALLOC_CHECK(ctx, data, NULL);
- data->schema_db = ldb_connect(db_url, 0, NULL);
- SCHEMA_TALLOC_CHECK(ctx, data->schema_db, NULL);
-
data->error_string = NULL;
ctx->private_data = data;
ctx->ldb = ldb;
diff --git a/source4/lib/ldb/tests/schema-add-test.ldif b/source4/lib/ldb/tests/schema-add-test.ldif
new file mode 100644
index 0000000000..997b801d84
--- /dev/null
+++ b/source4/lib/ldb/tests/schema-add-test.ldif
@@ -0,0 +1,66 @@
+dn: CN=Users,DC=schema,DC=test
+objectClass: top
+objectClass: container
+cn: Users
+description: Default container for upgraded user accounts
+instanceType: 4
+whenCreated: 20050116175504.0Z
+whenChanged: 20050116175504.0Z
+uSNCreated: 1
+uSNChanged: 1
+showInAdvancedViewOnly: FALSE
+name: Users
+objectGUID: b847056a-9934-d87b-8a1a-99fabe0863c8
+systemFlags: 0x8c000000
+objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=schema,DC=test
+isCriticalSystemObject: TRUE
+nTSecurityDescriptor: foo
+
+dn: CN=Administrator,CN=Users,DC=schema,DC=test
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+cn: Administrator
+description: Built-in account for administering the computer/domain
+instanceType: 4
+whenCreated: 20050116175504.0Z
+whenChanged: 20050116175504.0Z
+uSNCreated: 1
+memberOf: CN=Group Policy Creator Owners,CN=Users,DC=schema,DC=test
+memberOf: CN=Domain Admins,CN=Users,DC=schema,DC=test
+memberOf: CN=Enterprise Admins,CN=Users,DC=schema,DC=test
+memberOf: CN=Schema Admins,CN=Users,DC=schema,DC=test
+memberOf: CN=Administrators,CN=Builtin,DC=schema,DC=test
+uSNChanged: 1
+name: Administrator
+objectGUID: 6c02f98c-46c6-aa38-5f13-a510cac04e6c
+userAccountControl: 0x10200
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+objectSid: S-1-5-21-43662522-77495566-38969261-500
+adminCount: 1
+accountExpires: -1
+logonCount: 0
+sAMAccountName: Administrator
+sAMAccountType: 0x30000000
+objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=schema,DC=test
+isCriticalSystemObject: TRUE
+unicodePwd: samba
+nTSecurityDescriptor: foo
+
+dn: CN=Test,CN=Users,DC=schema,DC=test
+objectClass: top
+objectClass: test
+cn: Test
+description: This is a test
+objectCategory: CN=Test,CN=Schema,CN=Configuration,DC=schema,DC=test
+nTSecurityDescriptor: foo
+instanceType: 4
+
diff --git a/source4/lib/ldb/tests/schema-mod-test.ldif b/source4/lib/ldb/tests/schema-mod-test.ldif
new file mode 100644
index 0000000000..8e36de7bf5
--- /dev/null
+++ b/source4/lib/ldb/tests/schema-mod-test.ldif
@@ -0,0 +1,25 @@
+dn: CN=Test,CN=Users,DC=schema,DC=test
+changetype: modify
+replace: description
+description: this test must not fail
+
+dn: CN=Test,CN=Users,DC=schema,DC=test
+changetype: modify
+delete: description
+# this test must not fail
+
+dn: CN=Test,CN=Users,DC=schema,DC=test
+changetype: modify
+add: description
+description: this test must not fail
+
+dn: CN=Test,CN=Users,DC=schema,DC=test
+changetype: modify
+add: foo
+foo: this test must fail
+
+dn: CN=Test,CN=Users,DC=schema,DC=test
+changetype: modify
+delete: nTSecurityDescriptor
+# this test must fail
+
diff --git a/source4/lib/ldb/tests/schema.ldif b/source4/lib/ldb/tests/schema.ldif
new file mode 100644
index 0000000000..2661ae30c5
--- /dev/null
+++ b/source4/lib/ldb/tests/schema.ldif
@@ -0,0 +1,634 @@
+dn: @INDEXLIST
+@IDXATTR: name
+@IDXATTR: sAMAccountName
+@IDXATTR: objectSid
+@IDXATTR: objectClass
+@IDXATTR: member
+@IDXATTR: unixID
+@IDXATTR: unixName
+@IDXATTR: privilege
+
+dn: @ATTRIBUTES
+realm: CASE_INSENSITIVE
+userPrincipalName: CASE_INSENSITIVE
+servicePrincipalName: CASE_INSENSITIVE
+name: CASE_INSENSITIVE WILDCARD
+dn: CASE_INSENSITIVE WILDCARD
+sAMAccountName: CASE_INSENSITIVE WILDCARD
+objectClass: CASE_INSENSITIVE
+unicodePwd: HIDDEN
+ntPwdHash: HIDDEN
+ntPwdHistory: HIDDEN
+lmPwdHash: HIDDEN
+lmPwdHistory: HIDDEN
+createTimestamp: HIDDEN
+modifyTimestamp: HIDDEN
+
+dn: @SUBCLASSES
+top: domain
+top: person
+top: group
+domain: domainDNS
+domain: builtinDomain
+person: organizationalPerson
+organizationalPerson: user
+user: computer
+template: userTemplate
+template: groupTemplate
+
+dn: @MODULES
+@MODULE: timestamps
+@MODULE: schema
+
+# Top, Schema, Configuration, schema, test
+dn: CN=Top,CN=Schema,CN=Configuration,DC=schema,DC=test
+objectClass: top
+objectClass: classSchema
+cn: Top
+distinguishedName: CN=Top,CN=Schema,CN=Configuration,DC=schema,DC=test
+instanceType: 4
+whenCreated: 20050116175509.0Z
+whenChanged: 20050116175509.0Z
+uSNCreated: 1437
+subClassOf: top
+governsID: 2.5.6.0
+mayContain: msDS-ObjectReferenceBL
+rDNAttID: cn
+uSNChanged: 1437
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Top
+adminDescription: Top
+objectClassCategory: 2
+lDAPDisplayName: top
+name: Top
+objectGUID: 8b12f9c3-008f-2b4f-b32b-dddd2e396ea8
+schemaIDGUID: dafbc8ff-64e9-d2cb-4569-4ba91d60aa83
+systemOnly: TRUE
+systemPossSuperiors: lostAndFound
+systemMayContain: url
+systemMayContain: wWWHomePage
+systemMayContain: whenCreated
+systemMayContain: whenChanged
+systemMayContain: wellKnownObjects
+systemMayContain: wbemPath
+systemMayContain: uSNSource
+systemMayContain: uSNLastObjRem
+systemMayContain: USNIntersite
+systemMayContain: uSNDSALastObjRemoved
+systemMayContain: uSNCreated
+systemMayContain: uSNChanged
+systemMayContain: systemFlags
+systemMayContain: subSchemaSubEntry
+systemMayContain: subRefs
+systemMayContain: structuralObjectClass
+systemMayContain: siteObjectBL
+systemMayContain: serverReferenceBL
+systemMayContain: sDRightsEffective
+systemMayContain: revision
+systemMayContain: repsTo
+systemMayContain: repsFrom
+systemMayContain: directReports
+systemMayContain: replUpToDateVector
+systemMayContain: replPropertyMetaData
+systemMayContain: name
+systemMayContain: queryPolicyBL
+systemMayContain: proxyAddresses
+systemMayContain: proxiedObjectName
+systemMayContain: possibleInferiors
+systemMayContain: partialAttributeSet
+systemMayContain: partialAttributeDeletionList
+systemMayContain: otherWellKnownObjects
+systemMayContain: objectVersion
+systemMayContain: objectGUID
+systemMayContain: distinguishedName
+systemMayContain: nonSecurityMemberBL
+systemMayContain: netbootSCPBL
+systemMayContain: ownerBL
+systemMayContain: msDS-ReplValueMetaData
+systemMayContain: msDS-ReplAttributeMetaData
+systemMayContain: msDS-NonMembersBL
+systemMayContain: msDS-NCReplOutboundNeighbors
+systemMayContain: msDS-NCReplInboundNeighbors
+systemMayContain: msDS-NCReplCursors
+systemMayContain: msDS-TasksForAzRoleBL
+systemMayContain: msDS-TasksForAzTaskBL
+systemMayContain: msDS-OperationsForAzRoleBL
+systemMayContain: msDS-OperationsForAzTaskBL
+systemMayContain: msDS-MembersForAzRoleBL
+systemMayContain: msDs-masteredBy
+systemMayContain: mS-DS-ConsistencyGuid
+systemMayContain: mS-DS-ConsistencyChildCount
+systemMayContain: msDS-Approx-Immed-Subordinates
+systemMayContain: msCOM-PartitionSetLink
+systemMayContain: msCOM-UserLink
+systemMayContain: modifyTimeStamp
+systemMayContain: masteredBy
+systemMayContain: managedObjects
+systemMayContain: lastKnownParent
+systemMayContain: isPrivilegeHolder
+systemMayContain: memberOf
+systemMayContain: isDeleted
+systemMayContain: isCriticalSystemObject
+systemMayContain: showInAdvancedViewOnly
+systemMayContain: fSMORoleOwner
+systemMayContain: fRSMemberReferenceBL
+systemMayContain: frsComputerReferenceBL
+systemMayContain: fromEntry
+systemMayContain: flags
+systemMayContain: extensionName
+systemMayContain: dSASignature
+systemMayContain: dSCorePropagationData
+systemMayContain: displayNamePrintable
+systemMayContain: displayName
+systemMayContain: description
+systemMayContain: createTimeStamp
+systemMayContain: cn
+systemMayContain: canonicalName
+systemMayContain: bridgeheadServerListBL
+systemMayContain: allowedChildClassesEffective
+systemMayContain: allowedChildClasses
+systemMayContain: allowedAttributesEffective
+systemMayContain: allowedAttributes
+systemMayContain: adminDisplayName
+systemMayContain: adminDescription
+systemMustContain: objectClass
+systemMustContain: objectCategory
+systemMustContain: nTSecurityDescriptor
+systemMustContain: instanceType
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,${BASEDN}
+defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,${BASEDN}
+
+# Container, Schema, Configuration, schema, test
+dn: CN=Container,CN=Schema,CN=Configuration,DC=schema,DC=test
+objectClass: top
+objectClass: classSchema
+cn: Container
+distinguishedName: CN=Container,CN=Schema,CN=Configuration,DC=schema,DC=test
+instanceType: 4
+whenCreated: 20050116175540.0Z
+whenChanged: 20050116175540.0Z
+uSNCreated: 1113
+subClassOf: top
+governsID: 1.2.840.113556.1.3.23
+mayContain: msDS-ObjectReference
+rDNAttID: cn
+uSNChanged: 1114
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Container
+adminDescription: Container
+objectClassCategory: 1
+lDAPDisplayName: container
+name: Container
+objectGUID: 48a16bf7-0128-6605-ad1a-9f5ab97b0b62
+schemaIDGUID: 3f619f8c-f7d6-6b1b-8674-b4f91b0e3755
+systemOnly: FALSE
+systemPossSuperiors: msDS-AzScope
+systemPossSuperiors: msDS-AzApplication
+systemPossSuperiors: msDS-AzAdminManager
+systemPossSuperiors: subnet
+systemPossSuperiors: server
+systemPossSuperiors: nTDSService
+systemPossSuperiors: domainDNS
+systemPossSuperiors: organization
+systemPossSuperiors: configuration
+systemPossSuperiors: container
+systemPossSuperiors: organizationalUnit
+systemMayContain: schemaVersion
+systemMayContain: defaultClassStore
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=schema,DC=test
+defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,DC=schema,DC=test
+
+# Class-Schema, Schema, Configuration, schema, test
+dn: CN=Class-Schema,CN=Schema,CN=Configuration,DC=schema,DC=test
+objectClass: top
+objectClass: classSchema
+cn: Class-Schema
+distinguishedName: CN=Class-Schema,CN=Schema,CN=Configuration,DC=schema,DC=test
+instanceType: 4
+whenCreated: 20050116175530.0Z
+whenChanged: 20050116175530.0Z
+uSNCreated: 673
+subClassOf: top
+governsID: 1.2.840.113556.1.3.13
+rDNAttID: cn
+uSNChanged: 674
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Class-Schema
+adminDescription: Class-Schema
+objectClassCategory: 1
+lDAPDisplayName: classSchema
+name: Class-Schema
+objectGUID: 63151723-143e-98ab-2e14-f6df3e9c8458
+schemaIDGUID: 44cd522f-747f-e071-ff4b-b8beddfaae75
+systemOnly: FALSE
+systemPossSuperiors: dMD
+systemMayContain: systemPossSuperiors
+systemMayContain: systemOnly
+systemMayContain: systemMustContain
+systemMayContain: systemMayContain
+systemMayContain: systemAuxiliaryClass
+systemMayContain: schemaFlagsEx
+systemMayContain: rDNAttID
+systemMayContain: possSuperiors
+systemMayContain: mustContain
+systemMayContain: msDs-Schema-Extensions
+systemMayContain: msDS-IntId
+systemMayContain: mayContain
+systemMayContain: lDAPDisplayName
+systemMayContain: isDefunct
+systemMayContain: defaultSecurityDescriptor
+systemMayContain: defaultHidingValue
+systemMayContain: classDisplayName
+systemMayContain: auxiliaryClass
+systemMustContain: subClassOf
+systemMustContain: schemaIDGUID
+systemMustContain: objectClassCategory
+systemMustContain: governsID
+systemMustContain: defaultObjectCategory
+systemMustContain: cn
+defaultSecurityDescriptor: D:S:
+systemFlags: 134217744
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=schema,DC=test
+defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=schema,DC=test
+
+# Person, Schema, Configuration, schema, test
+dn: CN=Person,CN=Schema,CN=Configuration,DC=schema,DC=test
+objectClass: top
+objectClass: classSchema
+cn: Person
+distinguishedName: CN=Person,CN=Schema,CN=Configuration,DC=schema,DC=test
+instanceType: 4
+whenCreated: 20050116175540.0Z
+whenChanged: 20050116175540.0Z
+uSNCreated: 1093
+subClassOf: top
+governsID: 2.5.6.6
+mayContain: attributeCertificateAttribute
+rDNAttID: cn
+uSNChanged: 1094
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Person
+adminDescription: Person
+objectClassCategory: 0
+lDAPDisplayName: person
+name: Person
+objectGUID: 7f021dc1-d7cb-e61f-1e11-53978e425b25
+schemaIDGUID: db7414bc-d145-b482-bf4a-6d0db78a483a
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: userPassword
+systemMayContain: telephoneNumber
+systemMayContain: sn
+systemMayContain: serialNumber
+systemMayContain: seeAlso
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=schema,DC=test
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=schema,DC=test
+
+# Organizational-Person, Schema, Configuration, schema, test
+dn: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=schema,DC=test
+objectClass: top
+objectClass: classSchema
+cn: Organizational-Person
+distinguishedName: CN=Organizational-Person,CN=Schema,CN=Configuration,DC=schema,DC=test
+instanceType: 4
+whenCreated: 20050116175533.0Z
+whenChanged: 20050116175533.0Z
+uSNCreated: 795
+subClassOf: person
+governsID: 2.5.6.7
+mayContain: houseIdentifier
+mayContain: msExchHouseIdentifier
+mayContain: homePostalAddress
+rDNAttID: cn
+uSNChanged: 796
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Organizational-Person
+adminDescription: Organizational-Person
+objectClassCategory: 0
+lDAPDisplayName: organizationalPerson
+name: Organizational-Person
+objectGUID: 91aaede0-136e-c1a0-9ac0-5ddd606a0cfc
+schemaIDGUID: 6f71a564-de69-3971-c169-528d111a9f27
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: organization
+systemPossSuperiors: container
+systemMayContain: x121Address
+systemMayContain: comment
+systemMayContain: title
+systemMayContain: co
+systemMayContain: primaryTelexNumber
+systemMayContain: telexNumber
+systemMayContain: teletexTerminalIdentifier
+systemMayContain: street
+systemMayContain: st
+systemMayContain: registeredAddress
+systemMayContain: preferredDeliveryMethod
+systemMayContain: postalCode
+systemMayContain: postalAddress
+systemMayContain: postOfficeBox
+systemMayContain: thumbnailPhoto
+systemMayContain: physicalDeliveryOfficeName
+systemMayContain: pager
+systemMayContain: otherPager
+systemMayContain: otherTelephone
+systemMayContain: mobile
+systemMayContain: otherMobile
+systemMayContain: primaryInternationalISDNNumber
+systemMayContain: ipPhone
+systemMayContain: otherIpPhone
+systemMayContain: otherHomePhone
+systemMayContain: homePhone
+systemMayContain: otherFacsimileTelephoneNumber
+systemMayContain: personalTitle
+systemMayContain: middleName
+systemMayContain: otherMailbox
+systemMayContain: ou
+systemMayContain: o
+systemMayContain: mhsORAddress
+systemMayContain: msDS-AllowedToDelegateTo
+systemMayContain: manager
+systemMayContain: thumbnailLogo
+systemMayContain: l
+systemMayContain: internationalISDNNumber
+systemMayContain: initials
+systemMayContain: givenName
+systemMayContain: generationQualifier
+systemMayContain: facsimileTelephoneNumber
+systemMayContain: employeeID
+systemMayContain: mail
+systemMayContain: division
+systemMayContain: destinationIndicator
+systemMayContain: department
+systemMayContain: c
+systemMayContain: countryCode
+systemMayContain: company
+systemMayContain: assistant
+systemMayContain: streetAddress
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=schema,DC=test
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=schema,DC=test
+
+# User, Schema, Configuration, schema, test
+dn: CN=User,CN=Schema,CN=Configuration,DC=schema,DC=test
+objectClass: top
+objectClass: classSchema
+cn: User
+distinguishedName: CN=User,CN=Schema,CN=Configuration,DC=schema,DC=test
+instanceType: 4
+whenCreated: 20050116175549.0Z
+whenChanged: 20050116175549.0Z
+uSNCreated: 1442
+subClassOf: organizationalPerson
+governsID: 1.2.840.113556.1.5.9
+mayContain: x500uniqueIdentifier
+mayContain: userSMIMECertificate
+mayContain: userPKCS12
+mayContain: uid
+mayContain: secretary
+mayContain: roomNumber
+mayContain: preferredLanguage
+mayContain: photo
+mayContain: labeledURI
+mayContain: jpegPhoto
+mayContain: homePostalAddress
+mayContain: givenName
+mayContain: employeeType
+mayContain: employeeNumber
+mayContain: displayName
+mayContain: departmentNumber
+mayContain: carLicense
+mayContain: audio
+rDNAttID: cn
+uSNChanged: 1442
+showInAdvancedViewOnly: TRUE
+adminDisplayName: User
+adminDescription: User
+objectClassCategory: 1
+lDAPDisplayName: user
+name: User
+objectGUID: 2cc46512-6733-eb01-ce05-213403264ea4
+schemaIDGUID: e8a42693-9d99-2091-5554-eef0548c0b65
+systemOnly: FALSE
+systemPossSuperiors: builtinDomain
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: domainDNS
+systemMayContain: pager
+systemMayContain: o
+systemMayContain: mobile
+systemMayContain: manager
+systemMayContain: mail
+systemMayContain: initials
+systemMayContain: homePhone
+systemMayContain: businessCategory
+systemMayContain: userCertificate
+systemMayContain: userWorkstations
+systemMayContain: userSharedFolderOther
+systemMayContain: userSharedFolder
+systemMayContain: userPrincipalName
+systemMayContain: userParameters
+systemMayContain: userAccountControl
+systemMayContain: unicodePwd
+systemMayContain: terminalServer
+systemMayContain: servicePrincipalName
+systemMayContain: scriptPath
+systemMayContain: pwdLastSet
+systemMayContain: profilePath
+systemMayContain: primaryGroupID
+systemMayContain: preferredOU
+systemMayContain: otherLoginWorkstations
+systemMayContain: operatorCount
+systemMayContain: ntPwdHistory
+systemMayContain: networkAddress
+systemMayContain: msRASSavedFramedRoute
+systemMayContain: msRASSavedFramedIPAddress
+systemMayContain: msRASSavedCallbackNumber
+systemMayContain: msRADIUSServiceType
+systemMayContain: msRADIUSFramedRoute
+systemMayContain: msRADIUSFramedIPAddress
+systemMayContain: msRADIUSCallbackNumber
+systemMayContain: msNPSavedCallingStationID
+systemMayContain: msNPCallingStationID
+systemMayContain: msNPAllowDialin
+systemMayContain: mSMQSignCertificatesMig
+systemMayContain: mSMQSignCertificates
+systemMayContain: mSMQDigestsMig
+systemMayContain: mSMQDigests
+systemMayContain: msIIS-FTPRoot
+systemMayContain: msIIS-FTPDir
+systemMayContain: msDS-User-Account-Control-Computed
+systemMayContain: msDS-Site-Affinity
+systemMayContain: mS-DS-CreatorSID
+systemMayContain: msDS-Cached-Membership-Time-Stamp
+systemMayContain: msDS-Cached-Membership
+systemMayContain: msDRM-IdentityCertificate
+systemMayContain: msCOM-UserPartitionSetLink
+systemMayContain: maxStorage
+systemMayContain: logonWorkstation
+systemMayContain: logonHours
+systemMayContain: logonCount
+systemMayContain: lockoutTime
+systemMayContain: localeID
+systemMayContain: lmPwdHistory
+systemMayContain: lastLogonTimestamp
+systemMayContain: lastLogon
+systemMayContain: lastLogoff
+systemMayContain: homeDrive
+systemMayContain: homeDirectory
+systemMayContain: groupsToIgnore
+systemMayContain: groupPriority
+systemMayContain: groupMembershipSAM
+systemMayContain: dynamicLDAPServer
+systemMayContain: desktopProfile
+systemMayContain: defaultClassStore
+systemMayContain: dBCSPwd
+systemMayContain: controlAccessRights
+systemMayContain: codePage
+systemMayContain: badPwdCount
+systemMayContain: badPasswordTime
+systemMayContain: adminCount
+systemMayContain: aCSPolicyName
+systemMayContain: accountExpires
+systemAuxiliaryClass: securityPrincipal
+systemAuxiliaryClass: mailRecipient
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)
+systemFlags: 16
+defaultHidingValue: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=schema,DC=test
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=schema,DC=test
+
+# Security-Principal, Schema, Configuration, schema, test
+dn: CN=Security-Principal,CN=Schema,CN=Configuration,DC=schema,DC=test
+objectClass: top
+objectClass: classSchema
+cn: Security-Principal
+distinguishedName: CN=Security-Principal,CN=Schema,CN=Configuration,DC=schema,DC=test
+instanceType: 4
+whenCreated: 20050116175546.0Z
+whenChanged: 20050116175546.0Z
+uSNCreated: 1406
+subClassOf: top
+governsID: 1.2.840.113556.1.5.6
+rDNAttID: cn
+uSNChanged: 1406
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Security-Principal
+adminDescription: Security-Principal
+objectClassCategory: 3
+lDAPDisplayName: securityPrincipal
+name: Security-Principal
+objectGUID: d1a6ae33-f6d5-197f-93d6-923d07d64c1a
+schemaIDGUID: eb3adbfa-fb52-71a6-054f-b077e32c73f1
+systemOnly: FALSE
+systemMayContain: supplementalCredentials
+systemMayContain: sIDHistory
+systemMayContain: securityIdentifier
+systemMayContain: sAMAccountType
+systemMayContain: rid
+systemMayContain: tokenGroupsNoGCAcceptable
+systemMayContain: tokenGroupsGlobalAndUniversal
+systemMayContain: tokenGroups
+systemMayContain: nTSecurityDescriptor
+systemMayContain: msDS-KeyVersionNumber
+systemMayContain: altSecurityIdentities
+systemMayContain: accountNameHistory
+systemMustContain: sAMAccountName
+systemMustContain: objectSid
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=schema,DC=test
+defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,DC=schema,DC=test
+
+# Mail-Recipient, Schema, Configuration, schema, test
+dn: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=schema,DC=test
+objectClass: top
+objectClass: classSchema
+cn: Mail-Recipient
+distinguishedName: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=schema,DC=test
+instanceType: 4
+whenCreated: 20050116175550.0Z
+whenChanged: 20050116175550.0Z
+uSNCreated: 1222
+subClassOf: top
+governsID: 1.2.840.113556.1.3.46
+mayContain: userSMIMECertificate
+mayContain: secretary
+mayContain: msExchLabeledURI
+mayContain: msExchAssistantName
+mayContain: labeledURI
+rDNAttID: cn
+uSNChanged: 1222
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Mail-Recipient
+adminDescription: Mail-Recipient
+objectClassCategory: 3
+lDAPDisplayName: mailRecipient
+name: Mail-Recipient
+objectGUID: 79f6fa6e-c08d-5c1f-47ff-6b33be595f50
+schemaIDGUID: bcdded89-7f72-0166-da62-08647c98fcf9
+systemOnly: FALSE
+systemPossSuperiors: container
+systemMayContain: userCertificate
+systemMayContain: userCert
+systemMayContain: textEncodedORAddress
+systemMayContain: telephoneNumber
+systemMayContain: showInAddressBook
+systemMayContain: legacyExchangeDN
+systemMayContain: garbageCollPeriod
+systemMayContain: info
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=schema,DC=test
+defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=schema,DC=test
+
+# Test, Schema, Configuration, schema, test
+dn: CN=Test,CN=Schema,CN=Configuration,DC=schema,DC=test
+objectClass: top
+objectClass: classSchema
+cn: Test
+distinguishedName: CN=Test,CN=Schema,CN=Configuration,DC=schema,DC=test
+instanceType: 4
+whenCreated: 20050116175540.0Z
+whenChanged: 20050116175540.0Z
+uSNCreated: 1093
+subClassOf: top
+governsID: 2.5.6.6
+mayContain: test
+rDNAttID: cn
+uSNChanged: 1094
+showInAdvancedViewOnly: TRUE
+adminDisplayName: Test
+adminDescription: Test
+objectClassCategory: 0
+lDAPDisplayName: test
+name: Test
+objectGUID: 7f021dc1-d7cb-e61f-1e11-53978e425b25
+schemaIDGUID: db7414bc-d145-b482-bf4a-6d0db78a483a
+systemOnly: FALSE
+systemPossSuperiors: organizationalUnit
+systemPossSuperiors: container
+systemMayContain: description
+systemMustContain: cn
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+systemFlags: 16
+defaultHidingValue: TRUE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=schema,DC=test
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,DC=schema,DC=test
+
diff --git a/source4/lib/ldb/tests/test-schema.sh b/source4/lib/ldb/tests/test-schema.sh
new file mode 100755
index 0000000000..5423c7eff9
--- /dev/null
+++ b/source4/lib/ldb/tests/test-schema.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+export LDB_URL="tdb://schema.ldb"
+
+rm -f schema.ldb
+
+echo "LDB_URL: $LDB_URL"
+
+echo "Adding schema"
+$VALGRIND bin/ldbadd tests/schema.ldif || exit 1
+
+echo "Adding few test elements (no failure expected here)"
+$VALGRIND bin/ldbadd tests/schema-add-test.ldif || exit 1
+
+echo "Modifying elements (2 failures expected here)"
+$VALGRIND bin/ldbmodify tests/schema-mod-test.ldif
+
+echo "Showing modified record"
+$VALGRIND bin/ldbsearch '(cn=Test)' || exit 1
+