Samba4 LDAP Integration
geza at kzsdabas.sulinet.hu
Thu Oct 28 15:55:49 GMT 2004
Simo Sorce írta:
>On Thu, 2004-10-28 at 17:07, Dustin A. Dortch wrote:
>>Do you reinvent the wheel for the sake of a few things, or do you
>>contribute to an existing project. I tend to think the latter. There
>>is not any need to create a new LDAP server. That is just more code to
>>maintain than is necessary. OpenLDAP does need some work, but maybe
>>there needs to be some joint work in extending OpenLDAP, especially in
>>respects to replication and manageability.
>I tried to work on openLdap code, I wrote an ldb module with basic
>functionality, and, at last, found it was much easier and productive for
>samba4 development to start from scratch and build up a new ldap server.
>It was a well thought decision.
>Said that I'm not saying samba will support _only_ the samba ldap
>server, we are still in early development steps in this field and being
>able to have our ldap server tightly integrated helps a lot to develop
>the whole project faster. Once we will have all the details and needs
>sorted out we will be able to decide how to address compatibility
>towards other ldap servers.
I think, that having Samba4 ready for the time when M$ will force its
customers to move to AD is the crucial point.
Making OpenLDAP multimaster replication reliable is something that
OpenLDAP developers weren't able or wanting enough to do so from years.
Multimaster replication is an important point in Windows AD -> Samba4 AD
migration, and interoperability.
I think we SHOULD accept, that the Samba3+OpenLDAP to Samba4+Heimdal+???
will be a harder one that the Samba2+OpenLDAP to Samba3+OpenLDAP was
(because it wasn't touching any of the non-Samba attributes).
IMHO we will have a lot smoother migration path, if we (running
Samba3+OpenLDAP) would do an inventory of what other LDAP dependent
services are we running, and develop plans (and if needed patches and
scripts for them) on modifying them to use the new schema. And when the
time of switching to Samba4 comes we could do that more easyly.
Thanks for reflecting on it.
More information about the samba-technical