[Date Prev][Date Next]
Re: Re-engaging the Samba4 LDAP backend
> I'm trying to pick up the ball again on the OpenLDAP and Fedora DS
> backends, and hopefully to bring them back up to speed as a working and
> respectable solution.
> LDB will always be the Samba Team's primary backend for Samba4. This is
> particularly the case as there seems no reasonable prospect that we will
> do DRS replication against the OpenLDAP or FedoraDS backeed. (This
> simplifies the requirements dramatically).
> However, we do need them to work, as far as practical, for the rest of
> Samba4's DC functionality. The things I need soon from the backends
> - a replacement for the Samba4 rdn_name module. For OpenLDAP I have
> tried out ITS#6055 but it fails, sadly.
I've just sent you a fix
(OpenLDAP's ftp says "disk full").
We also need to discuss a rationalization of Samba 4 support, as I wonder
whether piling up overlays that are specifically meant for one setup is
the good choice, or we'd better integrate them in a (few) single
> I don't know of any comparable effort in Fedora DS.
> - A RID allocation tool. Fedora DS has the 'distributed numeric
> assignment' plugin, and I'm sure it will be no challenge for OpenLDAP to
> match it. Safely adding new users to an OpenLDAP backend really does
> need a safe way to allocate RID values.
> - A way to invoke slpad -Ttest -f <config file> -F <config dir> without
> issuing errors because of the missing databases
> - Transaction support. While most of the transaction-aware tasks in
> Samba have now been either pushed off as 'too hard on LDAP' or into
> modules that are now in the LDAP backend, we still do need transactions
> over LDAP.
> - A way to easily detect that we have OpenLDAP or Fedora DS installed
> on the system, and what it's version is. Once we have that, we could
> start trying to run at least some of Samba4's tests against such a
> backend regularly (and stop breaking it so often).
> - Some help debugging the existing 'make test' failures!
> To address a broader range of use cases, I'm looking forward to the work
> Endi has promised for a 'ldap backend config file' as input to
> provision. Hopefully this will reduce the options we have to present to
> users on the provision command line.
> (Apologies in advance for the cross-post to multiple member-only lists,
> but I just wanted to get everyone on the same page).
> Andrew Bartlett
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Cisco Inc.