Samba4 LDAP Integration
Stefan (metze) Metzmacher
metze at samba.org
Fri Oct 29 19:46:52 GMT 2004
Gémes Géza wrote:
>>> No, the real point is not to have to move from OpenLDAP based
>>> Posix+Samba+other attributes to Samba4's LDAP server based Samba
>>> attributes+Something else (e.g. flat files :-( ). Instead IMHO a
>>> Samba4 LDAP server based central storage would be the best solution
>>> to this.
These are my current plans for the samba4 LDAP server:
- use the same authentication schema as the MS ADS server.
  that means acls are ntSecurityDescriptors.
- implement the directory partition so that replication per partition
  is possible.
- it'll use the DRSUAPI multimaster replication,
  so it will be possible to have samba4 and w2k(3) dc's together.
- export the LDAP server on ports: 389 (plain) and 636 (ssl)
- export the Global Catalog via LDAP on port 3268 (plain) and 3269 (ssl)
- use the schema partition for managing the schema (like w2k3 does)
- finally make the use of the MS admin tools possible
- maybe implement the LDAP syncrepl controls to do pull replication with OpenLDAP
  Servers (but maybe only for the samba4:provider openldap:consumer case)
- the server will be able to support plugins for the 'ldapsrv_partition' interface
  so that different implementations for specific directory partitions are possible.

For backward compat with old samba3+openldap installations: I think
1.)- we should think about a samba3 like design:
     a samr dcerpc server pipe which stores the data in the openldap server.
     (and don't activate the samba4 LDAP server in this case)
   - and if needed use a directory partition plugin to act as proxy to the openldap server
2.)- or use a ldb plugin for the proxying and mapping of the attributes.
--
metze
Stefan Metzmacher <metze at samba.org> www.samba.org