Version 4 LDAP particulars?

Peter Tiggerdine ptiggerdine at
Sat Jan 29 02:00:35 GMT 2005

On Fri, 2005-01-28 at 10:52 -0800, Jim Hogan wrote:
> First, my deepest gratitude to the Samba Team.  I'll try to be brief. 
> Don't want to rob much of anyone's time and am almost embarassed to pose 
> my questions here.
> Situation: We run 3.10 today in simple domain model with tdb auth, but 
> have need of LDAP for many reasons.   I see LDAP noted as "non-release 
> delaying" feature for Samba 4.  We do not have any urgent need of AD 
> support in Samba 4, though some "subfeatures" could be useful (group 
> policies, say?) if they wind up as part of V4 AD feature set.
> So, I am trying to evaluate "Build OpenLDAP directory today and 
> integrate with V3 or perhaps wait...or take some hybrid approach?"    I 
> looked at latest latest LDAP source from subversion and see what looks 
> like scratch-built LDAP server.  So my questions:
I'm also at this cross-road.
> - Will Samba 4 still allow substitution of existing OpenLDAP/other LDAP 
> service for ldb support?
> - Can anyone point me to V4 default LDAP schema in source?  I probably 
> need a dope slap but couldn't find it.
> - To ease later migration to Samba 4, could v4 schema be applied to 
> build a v3 (OpenLDAP) schema for ldapsam support?
I've asked metze about this and I was told that if someone wants to
write the tbl backend for samba4, go for it. But officially the only
backend that is going to be developed for now is tbl with samba's own

There is a paper floating around that Andrew Bartlet wrote on migration
from samba3 to samba4.  This was merely a discussion paper and gave no
realy solution but "food for thought"

I would hope that somewhere along the was that the openldap team could
come up wuth an acceptable working backend ( not that I don't like
samba's ldap implementation) for backwards compatibility with my single
sign-on server.
>  Is the Samba 4 LDAP server planned to be generally useful (support 
> Linux sign-on, http/Apache/PHP auth in our case, say) or are there any 
> specific expected limitations?
> - Is LDAP really non-release delaying?  If ldb is required for Samba 4 
> operation, how can that be?
> I'm not sure if it comes through in my questions, but the notion of an 
> all-in-one Samba+LDAP is pretty exciting.  The team's track record is 
> awesome and I am in awe of what you've all done.  Like probably a 
> billion others, I am intensely interested in progress of Samba 4, but 
> know that most things are done when they're done.  I just have to figure 
> out the smartest course in the short term.
> My apologies in advance if some of these questions were answered 
> elsewhere.  My *thanks* in advance for your time!  Any other stray 
> thoughts appreciated.
> Jim

Peter Tiggerdine <ptiggerdine at>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list