From 17078a46b899c8af2f38479391094a0b2b1a3d5b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 24 Apr 2007 05:57:56 +0000 Subject: r22497: Support renaming objectclasses and attributes for the LDAP backend. OpenLDAP is fussy about operational attributes in user-supplied schema. Andrew Bartlett (This used to be commit d7cd4b768a7f56ced8ed94b9a63d01865ba7d10a) --- source4/dsdb/samdb/ldb_modules/entryUUID.c | 27 ++++++++-- source4/lib/ldb/tools/ad2oLschema.c | 82 +++++++++++++++++++++++------- source4/setup/schema-map-openldap-2.3 | 12 +++-- source4/setup/schema_samba4.ldif | 4 ++ 4 files changed, 101 insertions(+), 24 deletions(-) (limited to 'source4') diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c index 3196069fa8..314e44111a 100644 --- a/source4/dsdb/samdb/ldb_modules/entryUUID.c +++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c @@ -351,6 +351,15 @@ const struct ldb_map_attribute entryUUID_attributes[] = } } }, + { + .local_name = "objectClasses", + .type = MAP_RENAME, + .u = { + .rename = { + .remote_name = "sambaObjectClasses" + } + } + }, { .local_name = "sambaPassword", .type = MAP_RENAME, @@ -446,9 +455,21 @@ const struct ldb_map_attribute entryUUID_attributes[] = } }; +/* This objectClass conflicts with builtin classes on OpenLDAP */ +const struct ldb_map_objectclass entryUUID_objectclasses[] = +{ + { + .local_name = "subSchema", + .remote_name = "samba4SubSchema" + }, + { + .local_name = NULL + } +}; + /* These things do not show up in wildcard searches in OpenLDAP, but * we need them to show up in the AD-like view */ -const char * const wildcard_attributes[] = { +const char * const entryUUID_wildcard_attributes[] = { "objectGUID", "whenCreated", "whenChanged", @@ -471,7 +492,7 @@ const struct ldb_map_attribute nsuniqueid_attributes[] = }, }, }, - /* objectSid */ + /* objectSid */ { .local_name = "objectSid", .type = MAP_CONVERT, 
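Review bot: The remote name in the new `objectClasses` entry of `entryUUID_attributes` is `sambaObjectClasses`, but the same commit maps `objectClasses:samba4ObjectClasses` in schema-map-openldap-2.3 and allocates `samba4ObjectClasses` in schema_samba4.ldif. If the generated OpenLDAP schema defines only `samba4ObjectClasses`, requests rewritten by this map entry would name an attribute the server does not know. The entry should presumably read `.remote_name = "samba4ObjectClasses"`, and a one-line comment pointing at the schema-map file would help keep the two in step. The array's definition starts and ends outside the hunk.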
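Review bot: `entryUUID_objectclasses` and the renamed `entryUUID_wildcard_attributes` are defined with external linkage, although the only use visible in the patch is the `ldb_map_init()` call in `entryUUID_init`. If nothing outside this file needs them, `static const struct ldb_map_objectclass entryUUID_objectclasses[]` (and likewise for the wildcard list) keeps them out of the global namespace. Because `wildcard_attributes` is renamed rather than added, any other reference to the old name in this file has to be updated too; none is visible in the patch. The comment above the objectclass table could also say that `samba4SubSchema` must match the `subSchema:` line in schema-map-openldap-2.3.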
@@ -751,7 +772,7 @@ static int entryUUID_init(struct ldb_module *module) struct entryUUID_private *entryUUID_private; struct ldb_dn *schema_dn; - ret = ldb_map_init(module, entryUUID_attributes, NULL, wildcard_attributes, NULL); + ret = ldb_map_init(module, entryUUID_attributes, entryUUID_objectclasses, entryUUID_wildcard_attributes, NULL); if (ret != LDB_SUCCESS) return ret; diff --git a/source4/lib/ldb/tools/ad2oLschema.c b/source4/lib/ldb/tools/ad2oLschema.c index 285820b512..16e3c8941e 100644 --- a/source4/lib/ldb/tools/ad2oLschema.c +++ b/source4/lib/ldb/tools/ad2oLschema.c @@ -246,7 +246,12 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ char *old_oid; char *new_oid; } *oid_map = NULL; - int num_maps = 0; + int num_oid_maps = 0; + struct attr_map { + char *old_attr; + char *new_attr; + } *attr_map = NULL; + int num_attr_maps = 0; struct ldb_result *attrs_res, *objectclasses_res; struct ldb_dn *schemadn; struct schema_conv ret; 
@@ -269,25 +274,36 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ if (isdigit(line[0])) { char *p = strchr(line, ':'); IF_NULL_FAIL_RET(p); - if (!p) { - ret.failures = 1; - return ret; - } p[0] = '\0'; p++; - oid_map = talloc_realloc(mem_ctx, oid_map, struct oid_map, num_maps + 2); + oid_map = talloc_realloc(mem_ctx, oid_map, struct oid_map, num_oid_maps + 2); trim_string(line, " ", " "); - oid_map[num_maps].old_oid = talloc_move(oid_map, &line); + oid_map[num_oid_maps].old_oid = talloc_move(oid_map, &line); trim_string(p, " ", " "); - oid_map[num_maps].new_oid = p; - num_maps++; - oid_map[num_maps].old_oid = NULL; + oid_map[num_oid_maps].new_oid = p; + num_oid_maps++; + oid_map[num_oid_maps].old_oid = NULL; } else { - attrs_skip = talloc_realloc(mem_ctx, attrs_skip, const char *, num_skip + 2); - trim_string(line, " ", " "); - attrs_skip[num_skip] = talloc_move(attrs_skip, &line); - num_skip++; - attrs_skip[num_skip] = NULL; + char *p = strchr(line, ':'); + if (p) { + /* remap attribute/objectClass */ + p[0] = '\0'; + p++; + attr_map = talloc_realloc(mem_ctx, attr_map, struct attr_map, num_attr_maps + 2); + trim_string(line, " ", " "); + attr_map[num_attr_maps].old_attr = talloc_move(attr_map, &line); + trim_string(p, " ", " "); + attr_map[num_attr_maps].new_attr = p; + num_attr_maps++; + attr_map[num_attr_maps].old_attr = NULL; + } else { + /* skip attribute/objectClass */ + attrs_skip = talloc_realloc(mem_ctx, attrs_skip, const char *, num_skip + 2); + trim_string(line, " ", " "); + attrs_skip[num_skip] = talloc_move(attrs_skip, &line); + num_skip++; + attrs_skip[num_skip] = NULL; + } } } @@ -327,7 +343,7 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ if (!name) { printf("Failed to find lDAPDisplayName for schema DN: %s\n", ldb_dn_get_linearized(msg->dn)); - ret.failures = 1; + ret.failures++; continue; } 
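Review bot: The new remap branch indexes `attr_map[num_attr_maps]` immediately after `talloc_realloc()` without checking the result, so an allocation failure becomes a NULL dereference. Add `IF_NULL_FAIL_RET(attr_map);` right after the realloc, as the hunk already does for `p` in the OID branch; the `oid_map` and `attrs_skip` reallocs have the same gap. The text after the colon is only trimmed before being stored as `new_attr`, and it is later printed inside `NAME '%s'`, so an empty value or one containing a quote produces a malformed schema entry. Rejecting replacement names that are not plain LDAP descriptors (letters, digits, hyphen) at parse time would catch a bad mapping file early. process_convert starts and ends outside the hunk.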
@@ -359,6 +375,14 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ } IF_NULL_FAIL_RET(schema_entry); + /* We might have been asked to remap this name, due to a conflict */ + for (j=0; name && attr_map && attr_map[j].old_attr; j++) { + if (strcmp(name, attr_map[j].old_attr) == 0) { + name = attr_map[j].new_attr; + break; + } + } + schema_entry = talloc_asprintf_append(schema_entry, " NAME '%s'\n", name); IF_NULL_FAIL_RET(schema_entry); @@ -437,6 +461,12 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ char *schema_entry = NULL; int j; + if (!name) { + printf("Failed to find lDAPDisplayName for schema DN: %s\n", ldb_dn_get_linearized(msg->dn)); + ret.failures++; + continue; + } + /* We have been asked to skip some attributes/objectClasses */ if (attrs_skip && str_list_check_ci(attrs_skip, name)) { ret.skipped++; @@ -469,6 +499,14 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ break; } + /* We might have been asked to remap this name, due to a conflict */ + for (j=0; name && attr_map && attr_map[j].old_attr; j++) { + if (strcmp(name, attr_map[j].old_attr) == 0) { + name = attr_map[j].new_attr; + break; + } + } + schema_entry = talloc_asprintf_append(schema_entry, " NAME '%s'\n", name); IF_NULL_FAIL_RET(schema_entry); 
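Review bot: The remap loop compares with `strcmp()`, while the skip list in the same function is matched with `str_list_check_ci()` (visible in the @@ -437,6 +461,12 @@ hunk). LDAP names are case-insensitive, so a mapping-file entry that differs only in case from the lDAPDisplayName is silently not applied and the conflicting name reaches the OpenLDAP schema. A case-insensitive compare such as `strcasecmp()` would make the two lists behave alike. The same loop is pasted again in the objectClass pass (@@ -469,6 +499,14 @@) and in the attribute-list macro (@@ -509,9 +547,19 @@), so one helper called from all three places would keep them in step; that means moving `struct attr_map` to file scope. process_convert starts and ends outside the hunk.

```c
/* file scope, replacing the struct declared inside process_convert() */
struct attr_map {
	char *old_attr;
	char *new_attr;
};

/* Return the replacement for 'name' from the map, or 'name' itself when
 * no entry applies. Names are compared case-insensitively, like the skip list. */
static const char *remap_name(const struct attr_map *map, const char *name)
{
	int i;
	for (i = 0; name && map && map[i].old_attr; i++) {
		if (strcasecmp(name, map[i].old_attr) == 0) {
			return map[i].new_attr;
		}
	}
	return name;
}

/* … unchanged: schema_entry construction up to the NAME line … */
name = remap_name(attr_map, name);
schema_entry = talloc_asprintf_append(schema_entry, " NAME '%s'\n", name);
```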
@@ -509,9 +547,19 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum convert_ do { \ int k; \ for (k=0; attributes && k < attributes->num_values; k++) { \ + int attr_idx; \ + const char *attr_name = (const char *)attributes->values[k].data; \ + /* We might have been asked to remap this name, due to a conflict */ \ + for (attr_idx=0; attr_name && attr_map && attr_map[attr_idx].old_attr; attr_idx++) { \ + if (strcmp(attr_name, attr_map[attr_idx].old_attr) == 0) { \ + attr_name = attr_map[attr_idx].new_attr; \ + break; \ + } \ + } \ + \ schema_entry = talloc_asprintf_append(schema_entry, \ " %s", \ - (const char *)attributes->values[k].data); \ + attr_name); \ IF_NULL_FAIL_RET(schema_entry); \ if (k != (attributes->num_values - 1)) { \ schema_entry = talloc_asprintf_append(schema_entry, \ diff --git a/source4/setup/schema-map-openldap-2.3 b/source4/setup/schema-map-openldap-2.3 index bedf402a9f..9268b1c969 100644 --- a/source4/setup/schema-map-openldap-2.3 +++ b/source4/setup/schema-map-openldap-2.3 @@ -1,7 +1,6 @@ #Standard OpenLDAP attributes name labeledURI -objectClasses createTimeStamp attributeTypes objectClass @@ -10,7 +9,6 @@ seeAlso uid subSchemaSubEntry structuralObjectClass -modifyTimeStamp distinguishedName description cn @@ -18,8 +16,14 @@ dITContentRules top #This shouldn't make it to the ldap server sambaPassword -#Skip ObjectClasses -subSchema +#These conflict with OpenLDAP builtins +objectClasses:samba4ObjectClasses +2.5.21.6:1.3.6.1.4.1.7165.4.255.5 +subSchema:samba4SubSchema +2.5.20.1:1.3.6.1.4.1.7165.4.255.4 +#Remap these so that we don't put operational attributes in a schema MAY +modifyTimeStamp:samba4ModifyTimestamp +2.5.18.2:1.3.6.1.4.1.7165.4.255.3 #MiddleName has a conflicting OID 2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1 #defaultGroup has a conflicting OID diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 150586976f..c0a50bd508 100644 --- a/source4/setup/schema_samba4.ldif 
+++ b/source4/setup/schema_samba4.ldif @@ -165,3 +165,7 @@ oMSyntax: 20 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 #Allocated: (defaultGroup) attributeID: 1.3.6.1.4.1.7165.4.255.2 + +#Allocated: (modifyTimestamp) samba4ModifyTimestamp: 1.3.6.1.4.1.7165.4.255.3 +#Allocated: (subSchema) samba4SubSchema: 1.3.6.1.4.1.7165.4.255.4 +#Allocated: (objectClasses) samba4ObjectClasses: 1.3.6.1.4.1.7165.4.255.5 -- cgit