Version 4 LDAP particulars?

Andrew Bartlett abartlet at
Sat Jan 29 22:05:49 GMT 2005

On Sun, 2005-01-30 at 01:47 +0100, paul kölle wrote:
> Stefan (metze) Metzmacher wrote:
> > And I said that we first only care about our own ldb and make the samba4
> > code handle all involved protocols (SAMR, NETLOGON, DRSUAPI, LDAP...)
> > correctly.
> That is to say: Implement those parts of LDAP the clients ask for, not a 
> LDAPv3 server+extensions right?

The intention is certainly to implement an LDAP server that matches what
Microsoft provides.  As metze indicates, we need a lot of this just to
provide infrastructure for everything else, even before we deal with
what LDAP clients may need.  

> > 
> > and when this is done and have the correct layout and an implementation 
> > with good code
> > like the smb server.
> > 
> > then we'll try to find ways to make backward compatibility and upgrading 
> > as easy as possible
> I for one am not so concerned about migration or backward compatibility 
> but what will be the result in terms of data storage. As a matter of 
> fact, LDAP servers are now in use for many "auth like" services 
> including but not limited to samba. If the samba LDAP server cannot 
> store "foreign data" (custom schemas) many ppl will end up with at least 
> two separate data stores which have to be synchronized/integrated to some 
> extent.

I see no reason why Samba would be unable to store arbitrary user data.

> Both proposed solutions, a LDAP server as backend for ldb or ldb as 
> backend for a LDAP server are problematic or at least a lot of work and 
> do not seem to be considered as a necessary part of samba4. 

I'm a little unsure what you mean here.  

> It would be 
> nice to have a rough outline how a samba3+ldap+heimdal[ldap backend] 
> scenario looks like in a samba4 setup.

As a Kerberos server will be an integral part of Samba4 (we have a
custom branch of Heimdal kerberos that we maintain for this purpose),
this will have to 'just work'.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College

More information about the samba-technical mailing list