[KLUG Members] NFS across platforms...and not!

Adam Williams members@kalamazoolinux.org
Fri, 02 Jan 2004 05:58:02 -0500


> > Anyone running 10.3.x willing to forward me those schema files?
> Done, offlist.

These look like legitimate schema files, and actually most of them come
with a standard installation of OpenLDAP.  But there are some
interesting issues, which maybe an Apple guru can explain.

First is that apple.schema won't even load since the required attribute
authAuthority isn't defined, but is required by apple-user,
apple-computer, and apple-preset-user objectclasses.  authAuthority
isn't defined in any schema file but apple.schema, and there it is
commented out!  Poking about shows it is defined twice in that file - 

attributetype (
        1.3.6.1.4.1.63.1000.1.1.2.16.1
        NAME 'authAuthority'
        DESC 'password server authentication authority'
        EQUALITY caseExactIA5Match
        SUBSTR caseExactIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
                                                                                
attributetype (
        1.3.6.1.4.1.63.1000.1.1.2.16.2
        NAME ( 'authAuthority' 'authAuthority2' )
        DESC 'password server authentication authority'
        EQUALITY caseExactMatch
        SUBSTR caseExactSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

- which obviously doesn't work.  And these two attributes even have
different types, the first is an ASCII string, the second is the DN of
an LDAP object.  Is an admin supposed to somehow pick one of these?

The second issue (at least that I've noticed so far) is that the
apple.schema requires the Samba 2.2.x schema.  apple-user requires all
the attributes of a Samba 2.2.x LDAP/PDC (rid, primaryGroupID, etc...). 
This one is just rather disappointing since LDAP support in 3.0.x is
leaps and bounds ahead of 2.2.x, and most heavy LDAP users switch almost
immediately to 3.0.x.
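
Added example, not part of the original post and not Apple's or OpenLDAP's code: a small consistency check for the two problems described above, an attribute name defined under more than one OID and an objectclass that needs an attribute with no active definition. The sample schema, its names and its 1.1.x OIDs are constructed; it assumes slapd.conf-style schema text with every schema file you intend to load concatenated into one string.

```python
import re
from collections import defaultdict

# Constructed sample: one definition commented out, two active ones sharing a
# NAME, and an objectclass needing an attribute no active definition provides.
SAMPLE = """\
#attributetype ( 1.1.2.1.1 NAME 'exampleAuth'
#        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.1.2.1.2 NAME 'exampleHome'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.1.2.1.3 NAME ( 'exampleHome' 'exampleHome2' )
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.1.2.2.1 NAME 'example-user' SUP top AUXILIARY
        MUST ( exampleAuth $ exampleHome ) MAY ( exampleHome2 ) )
"""

def definitions(text):
    """Yield (kind, body) for each active attributetype/objectclass."""
    text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    for m in re.finditer(r"(?im)^(attributetype|objectclass)\s*\(", text):
        depth, i, quoted = 1, m.end(), False
        while depth and i < len(text):      # find the matching ")"
            c = text[i]
            if c == "'":
                quoted = not quoted         # parentheses inside quotes don't count
            elif not quoted:
                depth += (c == "(") - (c == ")")
            i += 1
        # Drop DESC strings so keywords inside them are never parsed as fields.
        yield m.group(1).lower(), re.sub(r"DESC\s+'[^']*'", "", text[m.end():i - 1])

def names(body, keyword):
    """Return the names following NAME/MUST/MAY, single or parenthesised."""
    m = re.search(rf"\b{keyword}\s+(?:\(([^)]*)\)|('[^']*'|[\w.;-]+))", body)
    return re.findall(r"[\w.;-]+", m.group(1) or m.group(2) or "") if m else []

def check(text):
    """Return (names defined under >1 OID, attributes used but never defined)."""
    oids, needed = defaultdict(set), {}
    for kind, body in definitions(text):
        if kind == "attributetype":
            for n in names(body, "NAME"):
                oids[n.lower()].add(body.split()[0])   # first token is the OID
        else:
            for a in names(body, "MUST") + names(body, "MAY"):
                needed.setdefault(a.lower(), names(body, "NAME")[0])
    dupes = {n: sorted(o) for n, o in oids.items() if len(o) > 1}
    missing = {a: c for a, c in needed.items() if a not in oids}
    return dupes, missing
```

An attribute reported as missing may simply live in a schema file that was not included in the input, so feed it the same set of files slapd would load.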