Rowland Penny
2024-Mar-26 16:57 UTC
[Samba] core & cosine schema items in Samba AD DC user object?
On Tue, 26 Mar 2024 17:13:34 +0100 Franta Hanzlík <franta at hanzlici.cz> wrote:

> Yes, that's how I understood it later.
> But what surprised me is that an object ("user" class in this case)
> can be assigned any imaginary attribute - I thought that the Samba
> AD schema strictly limits what objects and with what attributes can
> be in the AD. But maybe it only limits the types of objects, but
> not their attributes...
> (I'm keeping quiet now, I know very little about Samba and AD.
> Many thanks, Rowland, thanks to you this mailing list is so great)

No, you cannot just add any attribute to AD, it has to exist in the schema. That isn't to say that you cannot extend the schema, Windows has an attribute editor for just this purpose and you can extend it on Unix by creating an ldif, see here:

https://wiki.samba.org/index.php/Samba_AD_schema_extensions

But, once you extend the schema, you cannot remove the extension.

Try browsing the schema files that come with Samba, they show all the objectclasses and attributes you can use.

Rowland
Kees van Vloten
2024-Mar-26 17:06 UTC
[Samba] core & cosine schema items in Samba AD DC user object?
On 26-03-2024 17:57, Rowland Penny via samba wrote:

> On Tue, 26 Mar 2024 17:13:34 +0100
> Franta Hanzlík <franta at hanzlici.cz> wrote:
>> Yes, that's how I understood it later.
>> But what surprised me is that an object ("user" class in this case)
>> can be assigned any imaginary attribute - I thought that the Samba
>> AD schema strictly limits what objects and with what attributes can
>> be in the AD. But maybe it only limits the types of objects, but
>> not their attributes...
>> (I'm keeping quiet now, I know very little about Samba and AD.
>> Many thanks, Rowland, thanks to you this mailing list is so great)
> No, you cannot just add any attribute to AD, it has to exist in the
> schema. That isn't to say that you cannot extend the schema, Windows
> has an attribute editor for just this purpose and you can extend it on
> Unix by creating an ldif, see here:
>
> https://wiki.samba.org/index.php/Samba_AD_schema_extensions
>
> But, once you extend the schema, you cannot remove the extension.
>
> Try browsing the schema files that come with Samba, they show all the
> objectclasses and attributes you can use.
>
> Rowland

I guess the OP's confusion is due to the fact that attrs without any value are not shown on a ldap-object. Whereas, for example, in a sqldb you always see all columns, empty or not.
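
The two points made in the replies above (an attribute must be permitted by the schema, and permitted attributes with no value are simply absent from an entry) can be seen in a small model. This is an added example, not part of the original thread and not Samba code: the schema excerpt is constructed, the function names are hypothetical, and it assumes only structural inheritance via `subClassOf` (auxiliary classes are ignored, and attribute names are compared case-sensitively, unlike real LDAP).

```python
# Constructed, trimmed excerpt styled after AD classSchema entries (not real schema data).
SCHEMA_LDIF = """\
lDAPDisplayName: top
subClassOf: top
systemMustContain: objectClass
systemMayContain: description

lDAPDisplayName: person
subClassOf: top
systemMustContain: cn
systemMayContain: sn

lDAPDisplayName: organizationalPerson
subClassOf: person
mayContain: mail
systemMayContain: title

lDAPDisplayName: user
subClassOf: organizationalPerson
systemMayContain: homeDirectory
"""

# The four classSchema attributes that list what an object of the class may or must hold.
CONTAIN = ("mustContain", "systemMustContain", "mayContain", "systemMayContain")

def parse_classes(ldif):
    """Parse blank-line separated records into {class name: {attr: [values]}}."""
    classes = {}
    for record in ldif.strip().split("\n\n"):
        entry = {}
        for line in record.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key, []).append(value)
        classes[entry["lDAPDisplayName"][0]] = entry
    return classes

def allowed_attributes(classes, name):
    """Union of the CONTAIN lists along the subClassOf chain up to top."""
    allowed = set()
    while True:
        entry = classes[name]
        for key in CONTAIN:
            allowed.update(entry.get(key, []))
        parent = entry["subClassOf"][0]
        if parent == name:  # top names itself as its superclass
            return allowed
        name = parent

def check_entry(classes, object_class, entry):
    """Split an entry's attributes into schema violations and allowed-but-unset."""
    allowed = allowed_attributes(classes, object_class)
    return {"rejected": sorted(set(entry) - allowed),
            "unset": sorted(allowed - set(entry))}
```

The `unset` list is what an LDAP search never shows: those attributes are valid for the object but hold no value, so they do not appear in the returned entry.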