Major new ubiqx release

Andrew Tridgell tridge at samba.anu.edu.au
Tue Apr 21 02:40:21 GMT 1998


> Okay, here we have a *BIG* question.  Do we (Samba team & assoc. 
> developers) commit to LDAP as our internal database access scheme (for
> config, WINS, passwords, etc.), or do we consider a lower level system and
> put LDAP on top of it?  BIG issue!

nope!
 
>   * do we require that there be an LDAP server available with which to 
>     communicate?

definately not!

>   * do we write our own LDAP service attached to Samba (code is available)
>     and, if so, will it conflict with another LDAP service on the same 
>     machine?

nope

>   * do we avoid all of these problems and write something else which can, 
>     if desired, talk to an LDAP server?

yes!

there is no way we are going to permanently hitch ourselves to
LDAP. It's fine for LDAP to be one way to configure Samba, but it
certainly can't be the only way. 

> > And communication to ldap is thru a TCP/IP socket, so you can have
> > multiple samba servers connecting to the same LDAP server ! 
> 
> Which, as I've listed, raises some questions.

it certainly does, security being one of them! Also complexity,
fragility and general "where the hell is it going wrong" problems.

LDAP might be the wave of the future, but we are not going to catch
that wave irrevocably until it is well established in (at least) a
large portion of the sites that run Samba. Right now I've never even
used a box that has a LDAP server, and I bet 99% of other Samba sites
haven't either. 

I'd love to see a clean bit of code so you can "#define CONFIG_LDAP=1"
and store everything in LDAP. That would be great. Stripping out the
current code and replacing it with LDAP specific code is a totally
different kettle of fish :)

Cheers, Andrew


More information about the samba-technical mailing list