Re: LDAP/Samba 4 summary

Andrew Bartlett wrote:
(please forgive the cross-posting to subscriber-only lists)

Howard Chu helpfully wrote up this summary of the meeting we held at the
CIFS Workshop on how Samba4 should work with an LDAP backend.

The background is that Samba4 increasingly needs some things that an
LDAP server could provide for us. In the short term, we need to add
subtree renames to ldb_tdb, but OpenLDAP's hdb already provides this for

Likewise, we have a desperate need for replication (because any site in
need of Samba4's features will want multiple DCs) - and Fedora DS's
replication seems like a very good, solid answer.  (Sadly it doesn't
give us subtree renames...).

Multimaster replication is also in OpenLDAP 2.4 (which is currently still in beta - we're still shaking it down, more testers would probably be helpful at some point).

Another feature we don't yet do is schema validation in Samba4, beyond
checking that the objectClass list is valid.  We need to extend that,
but perhaps the LDAP server could do that validation for us?

Right, since LDAP doesn't really depend on schema-aware clients this is the LDAP server's responsibility. (As opposed to X.500, where every agent in the system must be fully schema aware.)
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/