LDAP for authentication on Mac OS X

Well, so here’s the latest from the research department. I’ve gotten as far as getting OpenLDAP to work using the Apple schema extensions.

The Apple extensions depend on two schemas: 1) the Apple LDAP extensions and 2) the Samba schema.

The fortunate thing is that Apple is not really doing anything proprietary. They are extending two RFCs that describe how to use LDAP as an NIS.
But it is tricky. You can download the apple.schema file from Apple, but when you incorporate it into a default OpenLDAP installation you get errors about undefined attributes of type ‘authAuthority’.

It turns out that you just need to edit the schema. The authAuthority attribute is defined AFTER it is used by an objectClass. As you know, this is illegal: you must define attributetypes first, and only then can you use them in objectclasses. So, you edit the schema: find where ‘authAuthority’ is defined, and move it up to before the first objectClass that uses it.

Once you’ve done that, you can start the LDAP server. But you may get another error that says that acctFlag is undefined. This is why you need to incorporate the samba schema.

This is what my includes section of the slapd.conf looks like:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/rfc822-MailMember.schema
include /etc/openldap/schema/redhat/autofs.schema
include /etc/openldap/schema/redhat/kerberosobject.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/apple.schema

If yours looks like this, and you have edited the apple.schema as I mentioned above, you should be OK.
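The schema edit above (move the attributetype up before the objectClass that uses it) can be checked and applied mechanically. The following is an added example, not code from the original post: it splits a slapd schema file into definitions, reports attributes that an objectClass lists in MUST/MAY (or an attributetype names in SUP) before they are defined, and pulls the definition up to just before its first use. The schema text inside it is constructed to reproduce the authAuthority ordering problem; it is not Apple's apple.schema, and the OIDs under 1.3.6.1.4.1.99999 are placeholders. Names defined by schema files included earlier in slapd.conf (cn, uid and so on from core.schema) are not visible to the script, so pass them in `already_defined` to avoid false positives.

```python
# Added example, not code from the original post. Finds attributetype definitions
# that are used before they are defined and moves them up, which is the manual edit
# described above. The schema text is constructed (not Apple's apple.schema).
import re

SAMPLE_SCHEMA = """\
# constructed example schema, not the real apple.schema; OIDs are placeholders
attributetype ( 1.3.6.1.4.1.99999.1.1 NAME 'applePlaceholder'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

objectclass ( 1.3.6.1.4.1.99999.2.1 NAME 'apple-placeholder'
    DESC 'placeholder objectClass (constructed)'
    SUP top AUXILIARY
    MAY ( authAuthority $ applePlaceholder ) )

attributetype ( 1.3.6.1.4.1.99999.1.2 NAME 'authAuthority'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

DEF_START = re.compile(r"^(attributetype|objectclass)\b", re.IGNORECASE)
NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", re.IGNORECASE)
OC_REFS = re.compile(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w.;-]+))", re.IGNORECASE)
AT_SUP = re.compile(r"\bSUP\s+([\w.;-]+)", re.IGNORECASE)

def split_schema(text):
    """Split slapd schema text into {'kind', 'lines'} chunks. Comment and blank
    lines stay attached to the definition that follows, so they move with it."""
    chunks, pending, current = [], [], None
    for line in text.splitlines():
        m = DEF_START.match(line)
        if m:
            if current:
                chunks.append(current)
            current = {"kind": m.group(1).lower(), "lines": pending + [line]}
            pending = []
        elif current is not None and line[:1] in (" ", "\t"):
            current["lines"].append(line)            # continuation line
        else:
            if current:
                chunks.append(current)
                current = None
            pending.append(line)                      # comment or blank line
    if current:
        chunks.append(current)
    if pending:
        chunks.append({"kind": None, "lines": pending})
    return chunks

def names_of(chunk):
    """All NAME values of a definition, lower-cased (schema names are case-insensitive)."""
    m = NAME_RE.search("\n".join(chunk["lines"]))
    if not m:
        return []
    return [m.group(1).lower()] if m.group(1) else \
        [n.lower() for n in re.findall(r"'([^']+)'", m.group(2))]

def attr_refs(chunk):
    """Attribute names a definition depends on: MUST/MAY of an objectClass, SUP of
    an attributetype. Quoted strings are blanked so a DESC cannot look like a keyword."""
    body = " ".join(l for l in chunk["lines"] if not l.lstrip().startswith("#"))
    body = re.sub(r"'[^']*'", "''", body)
    if chunk["kind"] == "objectclass":
        refs = [r for g, s in OC_REFS.findall(body) for r in (g or s).split("$")]
        return [r.strip().lower() for r in refs if r.strip()]
    if chunk["kind"] == "attributetype":
        return [s.lower() for s in AT_SUP.findall(body)]
    return []

def forward_references(chunks, already_defined=()):
    """(chunk index, name) pairs for attributes used before they are defined.
    already_defined: names from schema files included earlier in slapd.conf."""
    defined, problems = {n.lower() for n in already_defined}, []
    for i, chunk in enumerate(chunks):
        problems += [(i, r) for r in attr_refs(chunk) if r not in defined]
        if chunk["kind"] == "attributetype":
            defined.update(names_of(chunk))
    return problems

def fix_order(chunks, already_defined=()):
    """Move each attributetype to just before its first use. Raises ValueError for
    a name never defined in this file or in already_defined (missing include?)."""
    chunks, defined = list(chunks), {n.lower() for n in already_defined}
    i, moves = 0, 0
    while i < len(chunks):
        missing = [r for r in attr_refs(chunks[i]) if r not in defined]
        if missing:
            j = next((k for k in range(i + 1, len(chunks))
                      if chunks[k]["kind"] == "attributetype"
                      and missing[0] in names_of(chunks[k])), None)
            if j is None or moves > len(chunks) ** 2:
                raise ValueError(f"{missing[0]!r}: undefined or circular reference")
            chunks.insert(i, chunks.pop(j))           # pull the definition up
            moves += 1
            continue                                  # re-check the moved chunk's own SUP
        if chunks[i]["kind"] == "attributetype":
            defined.update(names_of(chunks[i]))
        i += 1
    return chunks

def render(chunks):
    return "\n".join(line for c in chunks for line in c["lines"]) + "\n"
```

Run `forward_references(split_schema(open("apple.schema").read()), already_defined=[...])` against a real file to see what slapd will complain about before you start it; `render(fix_order(...))` writes the reordered schema. A ValueError for a name that is defined in another file (acctFlag in the Samba schema, in the case above) is a hint that an include is missing or in the wrong order, not something to silence: slapd refusing to load an inconsistent schema is the right failure.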

Now, if I can just figure out how to get the system to BIND for authentication - it seems to just do a FIND when I login… It’s looking for something, and I don’t know what…
