I'm currently running an OpenLDAP server on a Debian machine:
Distributor ID: Debian
Description: Debian GNU/Linux 8.7 (jessie)
Release: 8.7
Codename: jessie
Slapd version
@(#) $OpenLDAP: slapd (Jan 16 2016 23:00:08) $
root@chimera:/tmp/buildd/openldap-2.4.40+dfsg/debian/build/servers/slapd
I've transformed the official schema into an LDIF following the tutorial here.
This worked perfectly for my Kerberos LDIFs, but when I try to apply the apple.ldif, I encounter a
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=apple,cn=schema,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
additional info: olcObjectClasses: AttributeType not found: "acctFlags"
So far, some blogs say that this isn't a critical attribute, and could be directly removed.
I wanted to know if it's "normal" to just remove some attributes directly from the official schema (the same schema I can also get directly from some iMacs in the infrastructure)?
This question and 84104's answer ended up pointing me in the right direction.
apple.schema doesn't list its dependencies, but most (if not all) of the others do. Here are the schemas I needed to load (and in this order) to satisfy all the dependencies and convince slapd to load apple.schema:

No, it's not normal to remove attributes. If you're missing an attribute it usually means you're missing some other dependent schema.
In this case it looks like Apple's samba schema. This may in turn rely on other schema, but I suspect they've provided the complete set.
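
The missing-dependency situation both answers describe can be detected before running ldapadd. The following is an added example, not code from either answer or from OpenLDAP: it parses `.schema`-format text and reports every attribute an object class lists under MUST/MAY that no loaded schema defines. The function names and the three sample snippets (including the 1.1.x OIDs and the `example-apple-user` class) are constructed for illustration.

```python
import re

def definitions(text):
    """Yield (kind, body) for every attributetype/objectclass definition."""
    text = re.sub(r"(?m)^#.*$", "", text)              # drop comment lines
    for m in re.finditer(r"(?i)\b(attributetype|objectclass)\s*\(", text):
        depth, quoted, i = 1, False, m.end()
        while depth and i < len(text):                  # find the matching ")"
            c = text[i]
            if c == "'":
                quoted = not quoted                     # parens in DESC strings don't count
            elif not quoted:
                depth += (c == "(") - (c == ")")
            i += 1
        yield m.group(1).lower(), text[m.end():i - 1]

def names(body):
    m = re.search(r"\bNAME\s+(\(\s*(?:'[^']*'\s*)+\)|'[^']*')", body)
    return re.findall(r"'([^']*)'", m.group(1)) if m else []

def referenced(body):
    body = re.sub(r"'[^']*'", "", body)                 # quoted strings hold no references
    refs = []
    for m in re.finditer(r"\b(?:MUST|MAY)\s+(\([^)]*\)|[^\s()]+)", body):
        refs += [r for r in re.split(r"[\s$()]+", m.group(1)) if r]
    return refs

def missing_attributes(loaded, candidate):
    """Map each object class in `candidate` to the attributes nothing defines."""
    known = set()
    for text in [*loaded, candidate]:
        for kind, body in definitions(text):
            if kind == "attributetype":
                known.update(n.lower() for n in names(body))   # names are case-insensitive
    report = {}
    for kind, body in definitions(candidate):
        undefined = [a for a in referenced(body) if a.lower() not in known]
        if kind == "objectclass" and undefined:
            report[(names(body) or ["?"])[0]] = undefined
    return report

# Constructed sample schema text (not the real core, samba or apple schema files).
CORE = "attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'common name(s)' SUP name )"
SAMBA = "attributetype ( 1.1.2.1.1 NAME 'acctFlags' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} )"
APPLE = """objectclass ( 1.1.2.2.1 NAME 'example-apple-user' SUP top AUXILIARY
    MAY ( cn $ acctFlags ) )"""

if __name__ == "__main__":
    print(missing_attributes([CORE], APPLE), missing_attributes([CORE, SAMBA], APPLE))
```

An empty result means every MUST/MAY attribute resolves; attributes referenced by numeric OID instead of name are not resolved by this sketch.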