ldap was Re: [Samba] Samba 4

Stefan (metze) Metzmacher metze at samba.org
Fri Aug 26 07:06:13 GMT 2005

Hash: SHA1

Michael B Allen schrieb:
> On Thu, 25 Aug 2005 21:44:51 +0200
> Jelmer Vernooij <jelmer at vernstok.nl> wrote:
>>>my question just wouldn't it be possible to include a frontend for
>>>some kind of ldap and kerberos server? wouldn't it be easier to
>>>enhance openldap or fedora/netscape directory server? or they are
>>>so badly implemented ldap servers?
>>Their "problem" is that they implement a standards-compliant LDAP
>>server while we need one that violates the standards (but is
>>compatible with AD).

I think the AD LDAP server is compatible with the standard LDAPv3 rfc,
and also some others, it just not compatible with some standard schema's.
and it also have a lot of extensions, but they're added in a standard conformed way,
using LDAP controlls.

But for us it was _MUCH_ easier, do write our own ldap implementation,
then trying to extent OpenLDAP(what we initialy tried, btw).
This is because of the great generic infrastructure of samba4.
We already had LDB, the STREAM_SERVER abstraction, GENSEC and the ldap parsing library from
samba3-trunk, so for a first simple start we only needed to convert from ASN.1 to ldb calls.
pass the LDAP_SASL_BIND blobs to GENSEC, and write recv and send hooks for the stream_Server

That was possible within about 2-3 days work!

And the most stuff we did was to extent LDB, but the LDAP server frontend is mostly unchanged,
till it's first days.

We also support SASL sign and sealed messages, mostly for free (thanks to gensec).

and SSL/tls support is also supported in our ldap client library,
and it would be easy to add it to the server too.

I hope that explains whaat and why we have done it like this.

- --

Stefan Metzmacher <metze at samba.org> www.samba.org
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba-technical mailing list