1

I'm currently running an OpenLDAP server on a Debian machine.

    Distributor ID: Debian
    Description:    Debian GNU/Linux 8.7 (jessie)
    Release:        8.7
    Codename:       jessie

Slapd version

    @(#) $OpenLDAP: slapd (Jan 16 2016 23:00:08) $
    root@chimera:/tmp/buildd/openldap-2.4.40+dfsg/debian/build/servers/slapd

I've transformed the official schema into an LDIF following the tutorial here.

It worked perfectly for my Kerberos LDIFs, but when I try to apply the apple.ldif, I encounter:

    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry "cn=apple,cn=schema,cn=config"
    ldap_add: Other (e.g., implementation specific) error (80)
        additional info: olcObjectClasses: AttributeType not found: "acctFlags"

So far, some blogs say that this isn't a critical attribute, and could be directly removed.

I wanted to know if it's "normal" to just remove some attributes directly from the official schema (the same schema I can also get directly from some iMacs in the infrastructure)?

2 Answers

2

No, it's not normal to remove attributes. If you're missing an attribute it usually means you're missing some other dependent schema.

In this case it looks like Apple's samba schema. This may in turn rely on other schema, but I suspect they've provided the complete set.

0
3

This question and 84104's answer ended up pointing me in the right direction. apple.schema doesn't list its dependencies, but most (if not all) of the others do.

Here are the schemas I needed to load (and in this order) to satisfy all the dependencies and convince slapd to load apple.schema:

    core.schema
    cosine.schema
    inetorgperson.schema
    nis.schema
    samba.schema
    apple_auxillary.schema
    apple.schema
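A pre-flight check for the dependency problem discussed in the answers above, as an added example that is not part of the original posts: it parses OpenLDAP `.schema` text, collects the attribute types each file defines and the ones its object classes reference through MUST/MAY, and works out a load order or reports what is missing. The schema snippets, OIDs and `demoApple*` names are constructed stand-ins rather than the contents of the real files, and SUP chains are not checked.

```python
import re

DEF = re.compile(r"(?ims)^(attributetype|objectclass)\s(.*?)(?=^(?:attributetype|objectclass)\s|\Z)")

def parse_schema(text):
    """Return (attribute names defined, attribute names referenced via MUST/MAY)."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)       # drop comment lines
    text = re.sub(r"DESC\s+'[^']*'", "", text)     # free text could contain MUST/MAY
    defined, referenced = set(), set()
    for kind, body in DEF.findall(text):
        if kind.lower() == "attributetype":
            m = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", body)
            if m:  # NAME is either one quoted name or a parenthesised list of aliases
                defined |= {n.lower() for n in re.findall(r"[\w-]+", m.group(1) or m.group(2))}
        else:
            for group, single in re.findall(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w-]+))", body):
                referenced |= {n.lower() for n in re.findall(r"[\w-]+", group or single)}
    return defined, referenced

def load_order(schemas):
    """Mimic slapd: a schema loads only when every attribute it references is known.
    Returns (load order, {schema that cannot load: missing attribute names})."""
    parsed = {name: parse_schema(text) for name, text in schemas.items()}
    known, order, pending, progressed = set(), [], list(schemas), True
    while pending and progressed:
        progressed = False
        for name in list(pending):
            defined, referenced = parsed[name]
            if referenced <= known | defined:
                known |= defined
                order.append(name)
                pending.remove(name)
                progressed = True
    return order, {n: sorted(parsed[n][1] - parsed[n][0] - known) for n in pending}

# Constructed miniature stand-ins (1.1.x OIDs are placeholders), not the real schema files.
SAMPLE = {
    "apple.schema": "attributetype ( 1.1.2.1.2 NAME 'demoAppleNote' DESC 'MAY be empty' )\n"
                    "objectclass ( 1.1.2.2.2 NAME 'demoAppleUser' SUP top AUXILIARY\n"
                    "    MAY ( acctFlags $ demoAppleNote $ uid ) )\n",
    "samba.schema": "# constructed sample\n"
                    "attributetype ( 1.1.3.1.1 NAME 'acctFlags' )\n"
                    "objectclass ( 1.1.3.2.1 NAME 'demoSambaAccount' SUP top MUST uid MAY acctFlags )\n",
    "core.schema": "attributetype ( 1.1.4.1.1 NAME ( 'uid' 'userid' ) )\n",
}

if __name__ == "__main__":
    print(load_order(SAMPLE))
```

Running it without the `samba.schema` entry reports `acctflags` as missing for `apple.schema`, which is the same condition slapd rejects with error 80 in the question.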
