ldb and OpenLDAP, *DON'T PANIC*

Tony Earnshaw tonye at billy.demon.nl
Sat May 21 17:26:54 GMT 2005


List,

panic over Andrew Bartlett's hint (in an answer to a samba users post
from me) that Samba 4 might demand a complete rebuild of my OpenLDAP
database.

1: have searched the Samba samba-technical at lists.samba.org mail archives
back to January 2005 (should be far enough back) for LDAP and ldb.
Hardly anything. What there was, was not particularly encouraging.

2: I have used Samba 3 up to 3.0.14a as NT4/Windows 2000 PDC with
ldapsam backend with perfect results, using my own OpenLDAP DSE and
Samba's built-in (read smb.conf) and extra tools (e.g. smbpasswd,
pdbedit, net, rpcclient, etc).

3: My DSE is quite different from idealx's. I use my own scripts
(awk/sed/shell) to manage it. My users and groups are in completely
different containers than idealx's or whatever Samba might  have
envisaged, yet nonetheless the existing Samba3 tools can cope with it.

For example, my base DN might be: dc=example,dc=tld. Under that I might
have:

ou=groups,dc=example,dc=tld

under that I might have:

cn=katter,ou=groups,dc=example,dc=tld, where katter is a
posixGroup/sambaGroupMapping and contains posixAccount users like billy:
cn=billy,cn=katter,ou=groups,dc=example,dc=tld and billy is a
posixAccount/sambaSamAccount member.

Similarly, I might have 

cn=people,ou=groups,dc=example,dc=tld,
where people is a posixGroup/sambaGroupMapping and contains posixAccount
users like tonni: cn=tonni,cn=people,ou=groups,dc=example,dc=tld and
tonni is a posixAccount/sambaSamAccount member.

Then again, for Samba I might have:

ou=smb,dc=example,dc=tld,

and under that all the Samba stuff:

ou=groups,ou=smb,dc=example,dc=tld, with as groups cn= computers,
cn=domadm, cn=domguest, cn=domuser and under that the regular users:
cn=administrator,cn=domadm,ou=groups,ou=smb,dc=example,dc=tld etc.

There's *NO WAY* I'm going to demolish my DSE for Samba4. It has to cope
with (and does cope with) unimaginable hammering from all sorts of Linux
services which deserve priority. If we have to go back to a 100% Windows
environment for Windows, then so be it.

--Tonni

-- 
mail: tonye at billy.demon.nl
http://www.billy.demon.nl

Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth:
«Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17.
mai feiringen iår, men gjelder sannsynligvis og dette mel mitt).



More information about the samba-technical mailing list