Extending User Schema in Samba 4

TLDR: Trying to get univentionFreeAttribute1 to show up in Samba4 LDAP Users

Been stuck on this for a few days and I’m deep in a Google hole trying to figure this out.

I have successfully added a new UCS attribute to users called “managedAppleID”. I can add/remove/modify the value from the user pages in UCS. For the OpenLDAP side, I’m storing the value in univentionFreeAttribute1 and am easily able to reference the attribute in that side of things.

I was surprised to find that univentionFreeAttribute1-100 were not available in the Samba4 schema and I can’t seem to wrap my head around how to extend the schema (this is all still rather new for me).
I’ve extended the s4 connector mapping and have managed to store the managedAppleID in an existing attribute using the following:

import univention.s4connector.s4.mapping

def mapping_hook(s4_mapping):
    # Sync the UCS attribute into the existing Samba 4 attribute streetAddress
    s4_mapping['user'].attributes['univentionFreeAttribute1'] = \
        univention.s4connector.attribute(
            ucs_attribute='managedAppleId',
            ldap_attribute='univentionFreeAttribute1',
            con_attribute='streetAddress',
            single_value=True,
        )
    return s4_mapping

Of course, I would really rather not store this in the street address should I ever need to use street address later.
Reviewing the entire output of /var/log/univention/connector-s4-mapping.log and reading over univention.s4connector.s4.mapping — Univention Corporate Server Python API 5.0 documentation, I thought that I might need to add in a “con_create_attributes” to the hook like this:

import univention.s4connector.s4.mapping

def mapping_hook(s4_mapping):
    # Attempt: ask the connector to create managedAppleId on the Samba 4 side
    s4_mapping['user'].con_create_attributes = [('managedAppleId')]
    s4_mapping['user'].attributes['univentionFreeAttribute1'] = \
        univention.s4connector.attribute(
            ucs_attribute='managedAppleId',
            ldap_attribute='univentionFreeAttribute1',
            con_attribute='managedAppleId',
            single_value=True,
        )
    return s4_mapping

But that also did not do the trick.

Now, reading this https://wiki.univention.de/index.php/Cool_Solution_-_Installation_of_Microsoft_SCCM#Schema_extension I’m getting the idea that I need to create an LDIF file and import that into the schema.

Am I on the right track here? Is there a clear recommended way to do this that I’m missing? Any tips for how to create the LDIF files if that’s the route I need to take?

Thanks!

Wanted to give this a bump to see if anyone had some tips or direction. :)

Hello,

Did you manage to find a solution for this?

I’m also trying to extend the user schema in Samba 4 by adding some custom attributes.
I managed to import the required schema into Samba LDAP but still cannot use the defined attributes.
I get some rejects in the s4 connector log that the attribute does not exist in Samba LDAP:
ldap.OBJECT_CLASS_VIOLATION: {'desc': 'Object class violation', 'info': "00002014: objectclass_attrs: attribute 'radiusRealm' on entry 'CN=admin,CN=Users,DC=domain,DC=net' does not exist in the specified objectclasses!"}
