Joseph Fry via FreeIPA-users wrote:
It needs an exact match to what is in the schema. Try this:
dn: cn=schema
remove: objectClasses: ( 1.2.840.113556.1.3.30 NAME 'Computers' DESC 'AD
Computers' SUP top STRUCTURAL MAY cn X-ORIGIN 'user defined' )
rob
That worked... in fact what I was doing may have worked, I had to remove the
space between AD and Computers to make yours work, I think I made the same mistake on my
attempt.
Here is my completed update file for posterity sake:
# Delete the adcomputers and adcomputergroups containers. Not really necessary but
# its useful to start with a clean slate during testing, as updating things can lead
# to some strangeness
dn: cn=adcomputers, cn=Schema Compatibility, cn=plugins, cn=config
deleteentry:
dn: cn=adcomputergroups, cn=Schema Compatibility, cn=plugins, cn=config
deleteentry:
# remove the ObjectClasses to start with a clean slate (this isn't necessary,
# but it demonstrates how to remove them if necessary)
dn: cn=schema
remove: objectClasses: ( 1.2.840.113556.1.3.30 NAME 'computer' DESC 'AD
Computers' SUP top STRUCTURAL MAY cn X-ORIGIN 'user defined' )
remove: objectClasses: ( 1.2.840.113556.1.5.8 NAME 'group' DESC 'AD
Groups' SUP top STRUCTURAL MAY cn X-ORIGIN 'user defined' )
# Add ObjectClasses to suppress schema validation errors
dn: cn=schema
add: objectClasses: (1.2.840.113556.1.3.30 NAME 'computer' DESC 'AD
Computers' SUP top MAY (cn))
add: objectClasses: (1.2.840.113556.1.5.8 NAME 'group' DESC 'AD Groups'
SUP top MAY (cn))
# Create the adcomputers container and map the objects and attributes from the ipaHosts
# Note: This will bring every host in, though it could be filtered with the search-filter
# below if desired.
dn: cn=adcomputers, cn=Schema Compatibility, cn=plugins, cn=config
default:objectClass: top
default:objectClass: extensibleObject
default:cn: adcomputers
default:schema-compat-container-group: cn=compat, $SUFFIX
default:schema-compat-container-rdn: cn=adcomputers
default:schema-compat-search-base: cn=computers, cn=accounts, $SUFFIX
default:schema-compat-search-filter: (&(fqdn=*)(objectClass=ipaHost))
default:schema-compat-entry-rdn: cn=%first("%{fqdn}")
default:schema-compat-check-access: yes
default:schema-compat-entry-attribute: objectclass=extensibleObject
default:schema-compat-entry-attribute: objectclass=computer
default:schema-compat-entry-attribute: cn=%{fqdn}
default:schema-compat-entry-attribute: sAMAccountType=805306369
default:schema-compat-entry-attribute: dNSHostName=%{fqdn}
default:schema-compat-entry-attribute: operatingSystem=%{nsOsVersion}
default:schema-compat-entry-attribute: name=%{serverHostName}
default:schema-compat-entry-attribute: sAMAccountName=$$%{serverHostName}
default:schema-compat-entry-attribute: location=%{nsHostLocation}
# Create the adcomputergroups container and map the relevant attributes from the
ipahostgroups
dn: cn=adcomputergroups, cn=Schema Compatibility, cn=plugins, cn=config
default:objectClass: top
default:objectClass: extensibleObject
default:cn: adcomputergroups
default:schema-compat-container-group: cn=compat, $SUFFIX
default:schema-compat-container-rdn: cn=adcomputergroups
default:schema-compat-search-base: cn=hostgroups, cn=accounts, $SUFFIX
default:schema-compat-search-filter: (&(member=*)(objectClass=ipahostgroup))
default:schema-compat-entry-rdn: cn=%{cn}
default:schema-compat-entry-check-access: yes
default:schema-compat-entry-attribute: objectclass=extensibleObject
default:schema-compat-entry-attribute: objectclass=group
default:schema-compat-entry-attribute: objectclass=groupOfNames
default:schema-compat-entry-attribute: cn=%{cn}
default:schema-compat-entry-attribute:
distinguishedName=cn=%{cn},cn=adcomputergroups,cn=compat,$SUFFIX
default:schema-compat-entry-attribute: name=%{cn}
default:schema-compat-entry-attribute:
member=cn=%deref_r("member","fqdn"),cn=adcomputers,cn=compat,$SUFFIX