Version 4 LDAP particulars?
Andrew Bartlett
abartlet at samba.org
Sun Jan 30 02:17:20 GMT 2005
On Sun, 2005-01-30 at 12:37 +0100, pkoelle wrote:
> Andrew Bartlett wrote:
> > I see no reason why Samba would be unable to store arbitrary user data.
> Sounds good ;) and sorry about being so picky but will this be release
> delaying?
I have trouble believing that this feature, currently supported, will be
removed in any way...
> >
> >>Both proposed solutions, a LDAP server as backend for ldb or ldb as
> >>backend for a LDAP server are problematic or at least a lot of work and
> >>do not seem to be considered as a necessary part of samba4.
> >
> >
> > I'm a little unsure what you mean here.
>
> your words:
> [begin] However, getting a remote LDAP server to support what we do
> will be a challenge.[end]
It is a design element of ldb that it can be backed against a remote
LDAP server. However, the administrator of that remote server may need
to spend a fair bit of time configuring it (loading schema, plugins etc)
before Samba can actually use it. It does however provide a vital
testing infrastructure (for ldb), so the theoretical capability will
certainly remain.
> and:
> [begin] - we tried to have OpenLDAP read ldb as a
> backend, but the code integration task simply proved too difficult.[end]
Exactly. We can't use an OpenLDAP server to read our ldb, as the
OpenLDAP code was too difficult to work with.
> Let me explain the situation to illustrate my concerns. We are quite
> settled on LDAP here using it with SASL CRAM-MD5 and NTLM, simple binds
> over SSL, password updates over PasswordModify Exop... and of course
> samba. I assumed that samba4 will not support all this out of the box
> and I will then have to maintain two data sources and keep them
> synchronized...
NTLM is already supported, and I actually do intend to link to Cyrus
SASL when available, or locally implement CRAM-MD5 (it is a 'mandatory
to implement' part of the LDAPv3 spec).
I'm a big supporter of the PasswordModify Exop, so I certainly hope to
implement that.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net