LDAP support in SAMBA

koen muylkens koen.muylkens at student.kuleuven.ac.be
Wed Sep 26 15:28:07 GMT 2001


On Wednesday 26 September 2001 19:45, you wrote:
> On Mon, 24 Sep 2001, Jan Du Caju wrote:
> > We did some code modifications to allow us to have some needed
> > (at least of us ;-) enhancements.
> > I know we should have looked first at the TODO page
> > http://ftp.easynet.be/samba/TODO.html
> > and contacted you but as we didn't I just list them and wait
> > for suggestions/instructions
> >
> > 1) redundancy enhancement
> >
> > More specific to be able to specify more than 1 ldap server so
> > in case the first specified is unreachable the next (containing
> > the same info :) is tried:
> > modification of ldap.c and used a different format for the ldap
> > server definition in smb.conf:
> > ldap server = <ldapserver_1>[:port][,<ldapsever_X>[:port]]*
>
> Good idea.
>
> > 2) a fall back to the local smb password file
> >
> > Due to our complex environment where the samba servers are/will
> > be managed decentral the local administrators need to be able
> > to add temporary users locally which do/will not appear in the
> > central ldap servers. Similar it would be better to define the
> > user root (needed to add machine accounts in a Windows domain)
> > locally.
> >
> > So changes were made to be able to specify in the smb.conf file
> > the order the backend db will be consulted. Modification of info
> > will only be possible in the db where it was found.
> > For the commands like smbpasswd we added an argument to specify
> > the backend that should be updated.
>
> Ironically enough, koen muylkens <koen.muylkens at student.kuleuven.ac.be>
> Just posted a similar query.  His was related to failover among
> passdb backends in general.
> I'll look at your patch, but I would like to solve this
> in the general case.

I wrote those patches. (the LDAP-fallback and the ldap-sambapasswd-fallback)
I'm a student at the university Jan Du Caju works for.
I wrote those patches for samba 2.2.1a with the LDAP patches developt by 
Shahms, and I wanted to use them with the current samba_2_2 in the cvs.
The Ldap-fallback (search a second ldapserver if the first fails) can be used 
with the cvs-version but the failover among passdb backends can't.
, because of the redesign of passdb.c ,  I wanted to know if this changes 
would make this patch unnecessary.
Is there already work done in solving this in the general case ? 

> > 3) We want to help coding the password and group backend
> > (especially ldap ;)
> >
> > Patches against CVS tag SAMBA_2_2 are coming up.
>
> Are you working with JF's group mapping code in HEAD?
>
>
>
>
>
>
>
>
>
> cheers, jerry
>  ---------------------------------------------------------------------
>  www.samba.org              SAMBA Team              jerry_at_samba.org
>  www.plainjoe.org                                jerry_at_plainjoe.org
>  --"I never saved anything for the swim back." Ethan Hawk in Gattaca--




More information about the samba-technical mailing list