Samba AD schema extensions

From SambaWiki
Revision as of 17:25, 14 September 2015 by Mmuehlfeld (talk | contribs) (Mmuehlfeld moved page Samba AD schema extenstions to Samba AD schema extensions: fix typo in title)

Schema extension in Samba 4

Samba 4 supports the same kind of schema extensions as Microsoft Active Directory. Schema updates in AD are a sensitive action and you must be prepared to do a full restore of the DC holding the role of schema master if something goes wrong.

This is even more true in Samba 4, because it does not always generate some critical attributes that Microsoft AD generates, and the missing attributes can leave the Samba provision unable to start. This is why schema updates in Samba 4 are currently disabled by default.

In order to allow them, the option dsdb:schema update allowed must be set to true in the smb.conf or passed on the command line.

Tested Schema extensions

As getting an LDIF that won't ruin the provision can be hard, this page will list LDIFs that are known not to break the database.

Perform these updates only if you need them and if you know how to restore the provision on the schema master.


This extension allows you to store automount information in LDAP. To add this extension, follow these steps:

  • Download File:Automount template.ldif.txt; this is a template that will be transformed in the next steps
  • Locate the rootDN of your provision: ldbsearch -H ldap://ip_of_server -U administrator -s base dn
  • Run cat automount_template.ldif | sed 's/DOMAIN_TOP_DN/value_of_rootDN_obtained_in_previous_step/' > automount.ldif
  • Stop Samba4 on the schema master
  • Copy automount.ldif to the schema master server (if you were working on a different server)
  • Apply the ldif with a command similar to: ldbmodify -H path_to_sam_ldb automount.ldif --option="dsdb:schema update allowed"=true
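
The substitution step above can be wrapped in a check that refuses to produce an LDIF with a bad or missing root DN, since a malformed schema LDIF is what puts the provision at risk. This is an added example, not part of the original wiki page or the Samba project: the function names and the sample template are constructed for illustration, and only the DOMAIN_TOP_DN placeholder comes from the page. It assumes every entry in the template lives under the Schema container.

```shell
#!/bin/sh
# Added example: render a schema LDIF template and refuse to emit a broken file.

# Write a small constructed template (NOT the wiki's real automount template).
make_sample_template() {
    cat > "$1" <<'EOF'
dn: CN=exampleAttr,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
changetype: add
objectClass: attributeSchema
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DOMAIN_TOP_DN
EOF
}

# render_schema_ldif TEMPLATE ROOT_DN OUTPUT
# Returns 0 on success; non-zero (and no OUTPUT file) on any validation failure.
render_schema_ldif() {
    template=$1 root_dn=$2 output=$3

    # Accept only a plain DC=...,DC=... root DN, so an empty or mistyped value
    # (or one carrying sed metacharacters) never reaches the LDIF.
    printf '%s\n' "$root_dn" |
        grep -Eqi '^DC=[A-Za-z0-9-]+(,DC=[A-Za-z0-9-]+)*$' || {
            echo "refusing root DN: '$root_dn'" >&2; return 2; }

    [ -r "$template" ] || { echo "cannot read $template" >&2; return 3; }

    tmp="$output.tmp.$$"
    # /g replaces every placeholder on a line, not just the first.
    sed "s/DOMAIN_TOP_DN/$root_dn/g" "$template" > "$tmp" || { rm -f "$tmp"; return 4; }

    # A leftover placeholder would create schema objects under a bogus DN.
    if grep -q 'DOMAIN_TOP_DN' "$tmp"; then
        rm -f "$tmp"; echo "placeholder left in output" >&2; return 5
    fi
    # Assumption: every entry belongs in this domain's Schema container;
    # relax this check if your template legitimately touches other DNs.
    if grep -i '^dn:' "$tmp" | grep -qiv ",CN=Schema,CN=Configuration,$root_dn\$"; then
        rm -f "$tmp"; echo "dn outside schema partition" >&2; return 6
    fi
    # Only a fully validated file ever appears under the final name.
    mv "$tmp" "$output"
}
```

Run it on a workstation first and review the resulting file before copying it to the schema master; the function never touches sam.ldb itself.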