[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re-engaging the Samba4 LDAP backend

To: Howard Chu <hyc@symas.com>, Endi Sukma Dewata <edewata@redhat.com>
Subject: Re-engaging the Samba4 LDAP backend
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 30 Mar 2010 12:53:06 +1100
Cc: Samba Technical <samba-technical@lists.samba.org>, "389 Directory server developer discussion." <389-devel@lists.fedoraproject.org>, openldap-technical@openldap.org

I'm trying to pick up the ball again on the OpenLDAP and Fedora DS
backends, and hopefully to bring them back up to speed as a working and
respectable solution.

LDB will always be the Samba Team's primary backend for Samba4.  This is
particularly the case as there seems no reasonable prospect that we will
do DRS replication against the OpenLDAP or FedoraDS backeed.  (This
simplifies the requirements dramatically). 

However, we do need them to work, as far as practical, for the rest of
Samba4's DC functionality.  The things I need soon from the backends
are:

 - a replacement for the Samba4 rdn_name module.  For OpenLDAP I have
tried out  ITS#6055 but it fails, sadly.  
http://www.openldap.org/its/index.cgi/Development?id=6055;selectid=6055
I don't know of any comparable effort in Fedora DS. 

 - A RID allocation tool.  Fedora DS has the 'distributed numeric
assignment' plugin, and I'm sure it will be no challenge for OpenLDAP to
match it.  Safely adding new users to an OpenLDAP backend really does
need a safe way to allocate RID values. 

 - A way to invoke slpad -Ttest -f <config file> -F <config dir> without
issuing errors because of the missing databases

 - Transaction support.  While most of the transaction-aware tasks in
Samba have now been either pushed off as 'too hard on LDAP' or into
modules that are now in the LDAP backend, we still do need transactions
over LDAP. 

 - A way to easily detect that we have OpenLDAP or Fedora DS installed
on the system, and what it's version is.  Once we have that, we could
start trying to run at least some of Samba4's tests against such a
backend regularly (and stop breaking it so often). 

 - Some help debugging the existing 'make test' failures!

To address a broader range of use cases, I'm looking forward to the work
Endi has promised for a 'ldap backend config file' as input to
provision.  Hopefully this will reduce the options we have to present to
users on the provision command line. 

(Apologies in advance for the cross-post to multiple member-only lists,
but I just wanted to get everyone on the same page). 

Thanks, 

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: Re-engaging the Samba4 LDAP backend
  - From: Howard Chu <hyc@symas.com>
- Re: Re-engaging the Samba4 LDAP backend
  - From: masarati@aero.polimi.it

Prev by Date: Re: Active Directory schema into OpenLDAP
Next by Date: Re: Active Directory schema into OpenLDAP
Index(es):
- Chronological
- Thread