ldb and OpenLDAP, *DON'T PANIC*

Tony Earnshaw tonye at billy.demon.nl
Sat May 21 20:28:21 GMT 2005

Sat, 21.05.2005 at 21:38, Volker Lendecke wrote:

> > LDAP must always come first, Samba's implementation of it second. If one
> Ok, I think I have to adjust a bit here :-)

I really appreciate the trouble you're going to.

> You have chosen Windows as a desktop operating system.

Correction: Windows pushed itself onto me. 

>  Windows has its own
> notion about LDAP, in particular it has very special expectations what the DIT
> has to look like. That's what I mean with that you will probably end up with
> less features when running with an arbitrary tree. You can not expect Samba to
> fully convert any tree design into something that Windows expects from AD,
> there is simply too much variation possible in LDAP (as is probably the case
> with most of the OSI-based protocols... ;-) )
> This is what Andrew Bartlett meant with meta-directories: Some kind of
> translating replication might be necessary. 

O.k. I'm used to that from OpenLDAP backends.

> What I meant: If you can live with the reduced functionality that the Samba 3
> based data model can offer, you will see a seamless Samba 4 backend. If you
> want more functionality than your data can provide, you will need to do
> something. Either dynamically translate/replicate, or convert your tree.

I'm willing to replicate the DIT or otherwise promulgate it, as long as
the original remains intact.

> Just an example: I can not imagine that we will ever support something like
> universal groups within the samba3 based model,

I don't know what universal groups are. This must be a Windows thing and
I haven't got that far yet ;)

>  nor do I see anybody pushing a
> sambaSamAccount-backed KDC into production.

I can't see that happening either; moreover the Samba 3 docs warn
against expecting this.

>  The latter one is not data model
> driven, but this would go far beyond what pdb_ldap was ever made for, and I
> simply don't see anybody who would put enough energy into it.

O.k., summa summarum: "Samba 4 is coming along and both the sam/ldb
backend and the total concept are necessarily going to be different from
that in Samba 3. However, we, the Samba designers, have the interests of
the present user and machine park at heart and at the same time as we
are presenting a totally new Samba concept, are striving toward making
the transition from 3 to 4 as painless as possible". At the same time,
you're going to have to up your demands on the OpenLDAP (at least)
backend and its capabilities and educate your users in its
configuration. Dunno whether I'd like that job ;)

I'll stick around, you don't have to tell me any more for the time
being. Renewed thanks for taking the time and trouble!


mail: tonye at billy.demon.nl

I'm from Bergen too, but, Trondheim mayor Marvin Wiseth:
«People from Bergen are good at making a lot out of little» (commenting on this
year's 17 May celebrations, but it probably applies to this mail of mine too).
