ldap was Re: [Samba] Samba 4

Farkas Levente lfarkas at bppiac.hu
Fri Aug 26 09:25:33 GMT 2005


Luke Howard wrote:
>>>There is a good reason for this: AD clients expect non-standard
>>>behaviour from their LDAP server, so we can't just use OpenLDAP. The
>>>Samba4 LDAP server can function pass thru requests to any other
>>>standards-compliant LDAP server.
>>
>>my question is just: wouldn't it be possible to include a frontend for some
>>kind of ldap and kerberos server?
>>wouldn't it be easier to enhance openldap or fedora/netscape directory
>>server? or are they such badly implemented ldap servers?
> 
> 
> You need to maintain the integrity of the Active Directory information
> model regardless of the source of updates. This is difficult to
> impossible with a frontend or proxy.
> 
> Building a directory server from scratch (as Samba4 are doing) or
> extending an existing one (eg. as we did to OpenLDAP in XAD) are the
> only options IMO.

first of all, i don't deeply understand this part of the problem, but
allow me to look at the whole problem from a sysadmin's point of view. it was
very hard for us to put together a system in a mixed unix/linux and
windows environment which even works and is safe and manageable. in this case we
need ldap servers (probably replicable), a kerberos server and samba. of
course we'd like to use only _one_ user database for everything, both for
unix/linux and windows clients and servers. so we need one ldap server
(i mean, more of them replicating the _same_ data), one kerberos server, etc.
that's the reason why i don't really like the XAD solution. i wouldn't like
to replace the system-wide kerberos server or replace it completely! i
wouldn't like to run two ntp servers. and in the case of samba4 i wouldn't like
to replace the ldap server or replace it completely. this means if samba4's
ldap server has all the features which openldap or netscape has (or at
least the most used features) then it's ok for us. otherwise we need to
use two different ldap servers for the same thing, which is not manageable, not
clean, not easy and annoying. that's my main point. and since there is huge
development behind both openldap and netscape, it seems reasonable to me
to use their work or at least their experience. so try to design samba4
keeping in mind somewhat wider requirements.
and last but not least, finally some kind of non-command-line management
interface would be very useful. until then windows will always be better :-(

just my 2c.

-- 
   Levente                               "Si vis pacem para bellum!"


