ldap was Re: [Samba] Samba 4
idra at samba.org
Fri Aug 26 07:12:38 GMT 2005
On Thu, 2005-08-25 at 21:36 -0400, Michael B Allen wrote:
> If a piece of code correctly abstracts an idea it cannot be "wrong" and
> will work with any other task that employs that idea. There are a lot of
> pieces to a protocol server that are conceptually separable. You have I/O
> handling, marshalling code, search expression reducing routines, etc. I
> haven't a clue as to the standards violations you speak of but I'll bet
> my guitar that AD and other directory servers share a lot conceptually. I
> think "frontend" is not the correct word. Librarification would be more
> appropriate (although I'm not sure it's a word at all :-).
You're right, the protocol has a lot of separate pieces, and we're
implementing one at a time, but others have done that the same way (I've
seen only openLdap source code not netscape).
> So it seems to me the "problem" is more that the OpenLDAP and Netscape
> code does not abstract ideas through librarification of pieces using well
> defined, "small", easy to understand interfaces. At least not enough to
> compel third parties to use it in different applications.
The problem for us was twofold.
a) We need a common database so that all protocols share the same data
and can answer to all requests over multiple protocols consistently.
We think we solved this problem with ldb, our lightweight, ldap-like,
simple db that can use both a tdb or an ldap server as a backend.
b) We need to make the servers mentioned above use our data source so
that you do not have replicated potentially inconsistent data.
I tried writing an ldb backend for openLdap some months ago and it was
easy to provide basic functions for openLdap to work, but it became very
hard to provide most advanced features openLdap requires from its
backend as the calling functions were expecting it to be a lot like a
Berkeley db while instead we had an ldap-like interface. Plus the
openLdap code was really hard to read for me, so I gave up when I saw it
was really tricky to get out something decent from this approach. We
still would have had the need to build all the SLAPI modules needed to
match the protocol differences. About netscape I do not think it
provides any means to replace the backend database but I never looked at
Another thing that made me and others prefer a custom made server is that
we would like to support the AD multimaster replication protocol, and
that's not possible without a way to modify the backend database and
store more information than those exposed.
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
Italian Site - http://samba.xsec.it