MacWindows.com User forum
http://www.macwindows.com/forum/

[SOLVED] Modify AD Schema Extension without OS X Server
http://www.macwindows.com/forum/viewtopic.php?f=2&t=359

Author:  stictsBo [ Wed Mar 30, 2011 9:26 am ]
Post subject:  [SOLVED] Modify AD Schema Extension without OS X Server

[for my solution, see below]

Hi all

I have a bit of a problem here :roll:

I have an AD domain on an SBS 2008 Server and then there are 5 clients with OS X 10.6.7 - so far so good.

The clients are connected to the domain with the Apple AD plug-in and that works just fine. But since I have mobile accounts for the clients, I want to set up synchronisation rules for the home directories (and so on). To get there I installed Workgroup Manager (MCX) and connected to the AD. There I can see all my users but unfortunately I'm not able to edit the settings. I assume this is because my AD Schema is not extended yet...

...so I tried to do this, but there's my problem. I don't have any OS X Server where I can grab the Open Directory settings and so I'm not able to create an LDIF modification file for my AD. Is there a way to create this file without OS X Server?

hope you can help :P
Bo

Author:  stictsBo [ Fri Apr 01, 2011 6:28 am ]
Post subject:  Re: [SOLVED] Modify AD Schema Extension without OS X Server

ok... since no reply came I had lots of time for trial and error...

here's what I did:

- get the Apple whitepaper that shows the necessary extensions for OS X 10.6.x; I've posted it on my site:
(http://www.sticts.ch/MacWindows/Modifying_the_Active_Directory_Schema.pdf)

- get the apple schema from your OS X 10.6.x (/etc/openldap/schema/apple.schema)

- follow the instructions in the paper (except that instead of loading the schema from the server address, you load the apple.schema file)

- make sure your exported file doesn't try to add a class called top (see code below); if you find it in your export, just delete it

Code:
# Class: top
dn: cn=Top,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: classSchema
governsID: 2.5.6.0
ldapDisplayName: top
objectClassCategory: 2
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-



- if the import of the classes fails, make sure the classes you import don't refer to the following attributes; if you find them, delete them

Code:
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3



- hope that helps...



more very helpful resources: http://blog.michael.kuron-germany.de/category/mac/
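
[Added example, not part of the post above and not from the Apple whitepaper: a review pass over the exported LDIF before it is imported into AD. It drops the record that adds class top and names the classes carrying the two lines the post deletes when the class import fails. The class example-class, its OID and the function names are constructed for illustration.]

```python
import re

TOP_OID = "2.5.6.0"  # governsID of the built-in class "top"
# The two class lines the post says to delete if the class import fails.
FLAGGED = {("subclassof", "2.5.6.0"), ("rdnattid", "2.5.4.3")}

def parse_block(block):
    """Return [(attr_lowercase, value)] for one LDIF record, skipping comments."""
    pairs = []
    for line in block.splitlines():
        if line.startswith("#") or line.strip() in ("", "-"):
            continue
        if line.startswith(" ") and pairs:  # LDIF continuation line
            pairs[-1] = (pairs[-1][0], pairs[-1][1] + line[1:])
            continue
        attr, _, val = line.partition(":")
        pairs.append((attr.strip().lower(), val.strip()))
    return pairs

def review(ldif_text):
    """Drop the record that adds class top; name classes carrying FLAGGED lines."""
    kept, removed, flagged = [], [], []
    for block in re.split(r"\n(?:[ \t]*\n)+", ldif_text.strip()):
        pairs = parse_block(block)
        attrs = dict(pairs)
        is_class_add = (attrs.get("changetype") == "add"
                        and attrs.get("objectclass", "").lower() == "classschema")
        if is_class_add and (attrs.get("governsid") == TOP_OID
                             or attrs.get("ldapdisplayname", "").lower() == "top"):
            removed.append(attrs["dn"])  # this record would try to re-add "top"
            continue
        if is_class_add and FLAGGED & set(pairs):
            flagged.append(attrs.get("ldapdisplayname"))
        kept.append(block)  # everything else is passed through unchanged
    return "\n\n".join(kept) + "\n", removed, flagged

# Constructed sample: the post's top record (shortened) plus one made-up class.
SAMPLE = (
    "# Class: top\ndn: cn=Top,cn=Schema,cn=Configuration,dc=X\nchangetype: add\n"
    "objectClass: classSchema\ngovernsID: 2.5.6.0\nldapDisplayName: top\n\n"
    "dn:\nchangetype: modify\nadd: schemaUpdateNow\nschemaUpdateNow: 1\n-\n\n"
    "dn: cn=example-class,cn=Schema,cn=Configuration,dc=X\nchangetype: add\n"
    "objectClass: classSchema\ngovernsID: 1.3.6.1.4.1.99999.1\n"
    "ldapDisplayName: example-class\nsubclassOf: 2.5.6.0\nrdnAttId: 2.5.4.3\n"
)

if __name__ == "__main__":
    cleaned, removed, flagged = review(SAMPLE)
    print("removed:", removed)
    print("classes to check if the import fails:", flagged)
```

[The script only reports the flagged classes and leaves their lines in place, so the decision to delete them stays with whoever runs the import.]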

Author:  MacWindows [ Thu Apr 07, 2011 12:34 pm ]
Post subject:  Re: [SOLVED] Modify AD Schema Extension without OS X Server

Thanks!
If anyone has tried this approach, please post a note here.

All times are UTC - 8 hours [ DST ]