Version 4 LDAP particulars?

Andrew Bartlett abartlet at samba.org
Sun Jan 30 02:17:20 GMT 2005


On Sun, 2005-01-30 at 12:37 +0100, pkoelle wrote:
> Andrew Bartlett wrote:
> > I see no reason why Samba would be unable to store arbitrary user data.
> Sounds good ;) and sorry about being so picky but will this be release 
> delaying?

I have trouble believing that this feature, currently supported, will be
removed in any way...

> > 
> >>Both proposed solutions, a LDAP server as backend for ldb or ldb as 
> >>backend for a LDAP server are problematic or at least a lot of work and 
> >>do not seem to be considered as a necessary part of samba4. 
> > 
> > 
> > I'm a little unsure what you mean here.  
> 
> your words:
> [begin] However, getting a remote LDAP server to support what we do
> will be a challenge.[end]

It is a design element of ldb that it can be backed against a remote
LDAP server.  However, the administrator of that remote server may need
to spend a fair bit of time configuring it (loading schema, plugins etc)
before Samba can actually use it.  It does however provide a vital
testing infrastructure (for ldb), so the theoretical capability will
certainly remain.

> and:
> [begin] - we tried to have OpenLDAP read ldb as a
> backend, but the code integration task simply proved too difficult.[end]

Exactly.  We can't use an OpenLDAP server to read our ldb, as the
OpenLDAP code was too difficult to work with.  

> Let me explain the situation to illustrate my concerns. We are quite 
> settled on LDAP here using it with SASL CRAM-MD5 and NTLM, simple binds 
> over SSL, password updates over PasswordModify Exop... and of course 
> samba. I assumed that samba4 will not support all this out of the box 
> and I will then have to maintain two data sources and keep them 
> synchronized...

NTLM is already supported, and I actually do intend to link to Cyrus
SASL when available, or locally implement CRAM-MD5 (it is a 'mandatory
to implement' part of the LDAPv3 spec).

I'm a big supporter of the PasswordModify Exop, so I certainly hope to
implement that.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net