Hi List, I successfully added a new schema to my DCs a couple of weeks ago (and didn't do anything with it yet.) Today I wanted to edit the schema some more but found the samba-tool ldapcmp command and ran it between my two DCs: | * Comparing [SCHEMA] context... | | * Objects to be compared: 1562 | | Comparing: | 'CN=bssGroup,CN=Schema,CN=Configuration,DC=bss,DC=example,DC=com' [ldap://barva.bss.example.com] | 'CN=bssGroup,CN=Schema,CN=Configuration,DC=bss,DC=example,DC=com' [ldap://zapaleri.bss.example.com] | Difference in attribute values: | mayContain => | ['bssMailAddresses', 'bssMailForwardingAddress', 'bssloginScript'] | ['bssLoginScript', 'bssMailAddresses', 'bssMailForwardingAddress'] | FAILED | | * Result for [SCHEMA]: FAILURE The attributes are the same, but seem in a different order. My understanding of LDAP says that it doesn't matter, but of course I'm worried, especially since all documentation stresses how dangerous it is to meddle with the AD schema... I run Ubuntu packages, 4.7.6-Ubuntu Thanks in advance, Jakob
On Fri, 2018-09-07 at 07:34 +0200, Jakob Lenfers via samba wrote:> Hi List, > > I successfully added a new schema to my DCs a couple of weeks ago (and > didn't do anything with it yet.) Today I wanted to edit the schema some > more but found the samba-tool ldapcmp command and ran it between my two DCs: > > > * Comparing [SCHEMA] context... > > > > * Objects to be compared: 1562 > > > > Comparing: > > 'CN=bssGroup,CN=Schema,CN=Configuration,DC=bss,DC=example,DC=com' > > [ldap://barva.bss.example.com] > > 'CN=bssGroup,CN=Schema,CN=Configuration,DC=bss,DC=example,DC=com' > > [ldap://zapaleri.bss.example.com] > > Difference in attribute values: > > mayContain => > > ['bssMailAddresses', 'bssMailForwardingAddress', 'bssloginScript'] > > ['bssLoginScript', 'bssMailAddresses', 'bssMailForwardingAddress'] > > FAILED > > > > * Result for [SCHEMA]: FAILURE > > The attributes are the same, but seem in a different order. My > understanding of LDAP says that it doesn't matter, but of course I'm > worried, especially since all documentation stresses how dangerous it is > to meddle with the AD schema...That won't matter. Some multi-valued attributes get replicated in reverse order for $REASONS> I run Ubuntu packages, 4.7.6-Ubuntu > > Thanks in advance, > Jakob >-- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
Am 07.09.2018 um 08:04 schrieb Andrew Bartlett via samba:> On Fri, 2018-09-07 at 07:34 +0200, Jakob Lenfers via samba wrote:>> The attributes are the same, but seem in a different order. My >> understanding of LDAP says that it doesn't matter, but of course I'm >> worried, especially since all documentation stresses how dangerous it is >> to meddle with the AD schema... > That won't matter. Some multi-valued attributes get replicated in > reverse order for $REASONSThanks! Best, Jakob