Version 4 LDAP particulars?

Stefan (metze) Metzmacher metze at
Sat Jan 29 08:48:16 GMT 2005

Peter Tiggerdine wrote:
| Jim,
| On Fri, 2005-01-28 at 10:52 -0800, Jim Hogan wrote:
|>First, my deepest gratitude to the Samba Team.  I'll try to be brief.
|>Don't want to rob much of anyone's time and am almost embarrassed to pose
|>my questions here.
|>Situation: We run 3.10 today in simple domain model with tdb auth, but
|>have need of LDAP for many reasons.   I see LDAP noted as "non-release
|>delaying" feature for Samba 4.  We do not have any urgent need of AD
|>support in Samba 4, though some "subfeatures" could be useful (group
|>policies, say?) if they wind up as part of V4 AD feature set.
|>So, I am trying to evaluate "Build OpenLDAP directory today and
|>integrate with V3 or perhaps wait...or take some hybrid approach?"    I
|>looked at latest LDAP source from subversion and see what looks
|>like scratch-built LDAP server.  So my questions:
| I'm also at this cross-road.
|>- Will Samba 4 still allow substitution of existing OpenLDAP/other LDAP
|>service for ldb support?
|>- Can anyone point me to V4 default LDAP schema in source?  I probably
|>need a dope slap but couldn't find it.
|>- To ease later migration to Samba 4, could v4 schema be applied to
|>build a v3 (OpenLDAP) schema for ldapsam support?
| I've asked metze about this and I was told that if someone wants to
| write the tbl backend for samba4, go for it. But officially the only
| backend that is going to be developed for now is tbl with samba's own
| ldap.

what is 'tbl'?

All I said was that currently we only use our own sam.ldb to store users/computers/groups...
and the ldb doesn't use a real schema yet, but the objectclasses and attributes which are used
are very similar to the ones used on a w2k3 ads server.

And I said that we first only care about our own ldb and make the samba4 code handle all
involved protocols (SAMR, NETLOGON, DRSUAPI, LDAP...) correctly.

And when this is done and we have the correct layout and an implementation with good code
like the smb server, then we'll try to find ways to make backward compatibility and upgrading
as easy as possible.

| There is a paper floating around that Andrew Bartlett wrote on migration
| from samba3 to samba4.  This was merely a discussion paper and gave no
| real solution but "food for thought"
| I would hope that somewhere along the way that the openldap team could
| come up with an acceptable working backend ( not that I don't like
| samba's ldap implementation) for backwards compatibility with my single
| sign-on server.
|> Is the Samba 4 LDAP server planned to be generally useful (support
|>Linux sign-on, http/Apache/PHP auth in our case, say) or are there any
|>specific expected limitations?
|>- Is LDAP really non-release delaying?  If ldb is required for Samba 4
|>operation, how can that be?
|>I'm not sure if it comes through in my questions, but the notion of an
|>all-in-one Samba+LDAP is pretty exciting.  The team's track record is
|>awesome and I am in awe of what you've all done.  Like probably a
|>billion others, I am intensely interested in progress of Samba 4, but
|>know that most things are done when they're done.  I just have to figure
|>out the smartest course in the short term.
|>My apologies in advance if some of these questions were answered
|>elsewhere.  My *thanks* in advance for your time!  Any other stray
|>thoughts appreciated.
| Cheers,

- --

Stefan Metzmacher <metze at>