ldb and OpenLDAP, *DON'T PANIC*

Volker Lendecke Volker.Lendecke at SerNet.DE
Sat May 21 19:38:27 GMT 2005


On Sat, May 21, 2005 at 09:19:02PM +0200, Tony Earnshaw wrote:
> LDAP must always come first, Samba's implementation of it second. If one

Ok, I think I have to adjust a bit here :-)

You have chosen Windows as a desktop operating system. Windows has its own
notion about LDAP, in particular it has very special expectations of what the DIT
has to look like. That's what I mean when I say that you will probably end up with
fewer features when running with an arbitrary tree. You cannot expect Samba to
fully convert any tree design into something that Windows expects from AD,
there is simply too much variation possible in LDAP (as is probably the case
with most of the OSI-based protocols... ;-) )

This is what Andrew Bartlett meant with meta-directories: Some kind of
translating replication might be necessary.

What I meant: If you can live with the reduced functionality that the Samba 3
based data model can offer, you will see a seamless Samba 4 backend. If you
want more functionality than your data can provide, you will need to do
something. Either dynamically translate/replicate, or convert your tree.

Just an example: I cannot imagine that we will ever support something like
universal groups within the samba3 based model, nor do I see anybody pushing a
sambaSamAccount-backed KDC into production. The latter one is not data model
driven, but this would go far beyond what pdb_ldap was ever made for, and I
simply don't see anybody who would put enough energy into it.

Volker