Samba4 LDAP Integration

Andrew Bartlett abartlet at
Wed Oct 27 14:10:54 GMT 2004

On Thu, 2004-10-28 at 00:01, Pierre Filippone wrote:
> Hi,
> we use Samba 3 as domain controllers for a Citrix server farm and in the 
> near future we are planning to use these DCs also for the rest of our 
> network. 
> Although it works very well, in the foreseeable future we will be obliged 
> to offer some sort of AD emulation, unless we get rid of Windows OSes for 
> our desktops, which I don't see at the moment. Longhorn will probably not 
> support non-AD DCs any more. 

Personally, I would be surprised.  NT4 is still out there...

But your point is valid, and that is why we are working so hard on

> The question that arises for us is, how difficult the migration from Samba 
> 3 to Samba 4 will be, especially regarding the LDAP backend. At the moment 
> we have a perfect integration of all samba related attributes in our 
> existing user entries. Simply add samba attributes and go. 
> Will it stay like this in Samba4, meaning that we can keep our existing 
> structure in openldap, at least regarding users and groups, and samba4 
> will present some kind of translated LDAP view to MS clients ? 
> Or are you planning to put AD entries directly into openldap, which makes 
> the integration of our existing entries difficult or impossible.
> Has there already been made a decision or is it too early to ask this 
> question ?

This is a very good time to start looking into this area.  Currently,
the Samba4 model assumes either that OpenLDAP contains support for all
the AD attributes, or that you use Samba4's ldb local storage in a TDB.

Clearly, this just will not work for your site, and many others.  What I
think we need to do is write another LDB backend, that understands more
about the semantic mapping, and provides a proxy service.

However, products like XAD show that OpenLDAP can be made to handle
this, with the right schema, plugins etc, but perhaps not your existing

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Authentication Developer, Samba Team  
Student Network Administrator, Hawker College   abartlet at