Bug 7992 - Extending Samba4 schema with attributeSyntax: 2.5.5.1 fails
Status: NEW
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: samba4-qa@samba.org
Reported: 2011-03-09 11:37 UTC by Andris Lismanis
Modified: 2014-12-12 17:49 UTC
Description Andris Lismanis 2011-03-09 11:37:11 UTC
Trying to extend the Samba4 schema with attributeSyntax: 2.5.5.1 breaks the tdb database.

Error message when restarting Samba4:


../source4/dsdb/schema/schema_init.c:696: Unknown schema syntax for zarafaSendAsPrivilege
../source4/dsdb/schema/schema_init.c:839: schema_fsmo_init: failed to load attribute definition: CN=Zarafa-Send-As,CN=Schema,CN=Configuration,DC=dev,DC=lismanis,DC=co,DC=uk:WERR_DS_ATT_SCHEMA_REQ_SYNTAX
ldb: module schema_load initialization failed : Constraint violation
ldb: module operational initialization failed : Constraint violation
ldb: module aclread initialization failed : Constraint violation
ldb: module acl initialization failed : Constraint violation
ldb: module descriptor initialization failed : Constraint violation
ldb: module objectclass initialization failed : Constraint violation
ldb: module asq initialization failed : Constraint violation
ldb: module server_sort initialization failed : Constraint violation
ldb: module paged_results initialization failed : Constraint violation
ldb: module rootdse initialization failed : Constraint violation
ldb: module samba_dsdb initialization failed : Constraint violation
ldb: Unable to load modules for /usr/local/samba/private/sam.ldb: dsdb_schema load failed: schema_fsmo_init: failed to load attribute definition: CN=Zarafa-Send-As,CN=Schema,CN=Configuration,DC=dev,DC=lismanis,DC=co,DC=uk:WERR_DS_ATT_SCHEMA_REQ_SYNTAX
samba: using 'single' process model

LDIF schema:
dn: CN=Zarafa-Send-As,CN=Schema,CN=Configuration,DC=dev,DC=lismanis,DC=co,DC=uk
changetype: add
adminDisplayName: Zarafa-Send-As
attributeID: 1.3.6.1.4.1.26278.1.1.2.4
attributeSyntax: 2.5.5.1
cn: Zarafa-Send-As
distinguishedName: CN=Zarafa-Send-As,CN=Schema,CN=Configuration,DC=dev,DC=lismanis,DC=co,DC=uk
instanceType: 4
isSingleValued: FALSE
lDAPDisplayName: zarafaSendAsPrivilege
name: Zarafa-Send-As
objectCategory: CN=Attribute-Schema,<SchemaContainerDN>
objectClass: top
objectClass: attributeSchema
oMSyntax: 127
schemaIDGUID:: xpDaV2kqTtOVsFJD/YqQuw==
showInAdvancedViewOnly: TRUE
searchFlags: 0
Comment 1 Matthias Dieter Wallnöfer 2011-03-10 08:49:57 UTC
Metze, do you have an idea?
Comment 2 Stefan Metzmacher 2011-03-10 09:06:52 UTC
The oMObjectClass attribute is missing.

The syntax we support is this:

.name                   = "Object(DS-DN)",
.ldap_oid               = LDB_SYNTAX_DN,
.oMSyntax               = 127,
.oMObjectClass          = OMOBJECTCLASS("\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a"),
.attributeSyntax_oid    = "2.5.5.1",
.drsuapi_to_ldb         = dsdb_syntax_DN_drsuapi_to_ldb,
.ldb_to_drsuapi         = dsdb_syntax_DN_ldb_to_drsuapi,
.validate_ldb           = dsdb_syntax_DN_validate_ldb,
.equality               = "distinguishedNameMatch",
.comment                = "Object(DS-DN) == a DN",

We're currently not doing any validation checks on schema modifications...
If it works against a Windows server, we may need some logic to
autogenerate the oMObjectClass on add.
Comment 3 Andris Lismanis 2011-03-10 12:38:39 UTC
There appears to be a problem only with this syntax, 2.5.5.1. All other syntaxes are being added successfully without breaking the database.

There is more discussion about this syntax and issues experienced by other users:
http://samba.2283325.n4.nabble.com/Extending-Samba4-schema-td3073004.html

There you will also be able to download the original schema file which works fine on MS AD.
Comment 4 Andris Lismanis 2011-03-21 06:18:14 UTC
I have managed to find a workaround by extracting current 2.5.5.1 syntaxes into LDIF using phpldapadmin. I can now add the new schema by adding

oMObjectClass:: KwwCh3McAIVK

-------------------------------

dn: CN=Zarafa-Send-As,CN=Schema,CN=Configuration,DC=lismanis,DC=co,DC=uk
changetype: add
adminDisplayName: Zarafa-Send-As
oMObjectClass:: KwwCh3McAIVK
attributeID: 1.3.6.1.4.1.26278.1.1.2.4
attributeSyntax: 2.5.5.1
cn: Zarafa-Send-As
distinguishedName: CN=Zarafa-Send-As,CN=Schema,CN=Configuration,DC=lismanis,DC=co,DC=uk
instanceType: 4
isSingleValued: FALSE
lDAPDisplayName: zarafaSendAsPrivilege
name: Zarafa-Send-As
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=lismanis,DC=co,DC=uk
objectClass: top
objectClass: attributeSchema
oMSyntax: 127
schemaIDGUID:: xpDaV2kqTtOVsFJD/YqQuw== 
showInAdvancedViewOnly: TRUE
searchFlags: 0
systemOnly: FALSE
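
A pre-flight check for the failure discussed in this thread, as an added example (not part of the bug report and not Samba's own code): it scans schema LDIF for attributeSchema entries that declare attributeSyntax 2.5.5.1 and reports those lacking the oMSyntax/oMObjectClass pair quoted in Comment 2. The function names and the DC=example,DC=com sample DN are assumptions made for illustration.

```python
import base64

# From the thread: Samba's syntax table entry for Object(DS-DN).
DN_SYNTAX_OID = b"2.5.5.1"
DN_OM_SYNTAX = b"127"
DN_OM_OBJECT_CLASS = b"\x2b\x0c\x02\x87\x73\x1c\x00\x85\x4a"

# Constructed sample, trimmed from the LDIF in the report (DN is a placeholder).
BROKEN = """\
dn: CN=Zarafa-Send-As,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: zarafaSendAsPrivilege
attributeSyntax: 2.5.5.1
oMSyntax: 127
"""
FIXED = BROKEN + "oMObjectClass:: KwwCh3McAIVK\n"


def parse_ldif(text):
    """Minimal LDIF reader: blank line ends a record, 'attr:: v' is base64."""
    records, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if current:
                records.append(current)
            current = {}
            continue
        name, _, value = line.partition(":")
        is_b64 = value.startswith(":")
        raw = value.lstrip(":").strip()
        data = base64.b64decode(raw) if is_b64 else raw.encode()
        current.setdefault(name.lower(), []).append(data)
    return records


def check_dn_syntax(text):
    """Report 2.5.5.1 attributes lacking the oMSyntax/oMObjectClass pair."""
    problems = []
    for rec in parse_ldif(text):
        if b"attributeSchema" not in rec.get("objectclass", []):
            continue
        if rec.get("attributesyntax") != [DN_SYNTAX_OID]:
            continue
        name = rec.get("ldapdisplayname", [b"?"])[0].decode()
        if rec.get("omsyntax") != [DN_OM_SYNTAX]:
            problems.append((name, "oMSyntax is not 127"))
        if rec.get("omobjectclass") != [DN_OM_OBJECT_CLASS]:
            problems.append((name, "oMObjectClass missing or wrong"))
    return problems
```

The base64 value from the workaround, KwwCh3McAIVK, decodes to exactly the nine bytes in the syntax table entry, which is why the second LDIF loads.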