Current ideas on kerberos requirements for Samba4
Stefan (metze) Metzmacher
metze at samba.org
Wed May 25 15:44:18 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Ströder schrieb:
> Andrew Bartlett wrote:
>
>>On Tue, 2005-05-24 at 08:09 -0500, Gerald (Jerry) Carter wrote:
>>
>>
>>>Andrew,
>>>
>>>I'm not getting into this thread for obvious reasons, but
>>>I think this is a very dangerous statement (and assumption)
>>>to make. You are claiming to match against AD. That's a
>>>big order from the LDAP side of things. People will expect
>>>you to get the LDAP part right if you are taking it over.
>>
>>Indeed, and this is actually something that I do worry about with Samba4
>>going forward.
>
>
> Will Samba4 implement the very same LDAP schema like MS AD? You might
> have to since some LDAP-based management applications assuming to access
> AD might expect certain schema elements. And maybe you also have to
> implement some very special things like handling of attribute
> 'unicodePwd' etc.
yes, but we still need to analyse what is so special with this attribute...
the current idea is this:
a) we are the first DC in the ADS Forest:
then we provide a very small part of the real MS AD schema,
just enough to provide services for standard MS Clients
b) if we are not the first DC in the Forest, we just fetch the Schema Partition in the first
replication cycle from an existing DC in the forest. And then we have the same schema
as all other DC's
- --
metze
Stefan Metzmacher <metze at samba.org> www.samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD4DBQFClJ1Qm70gjA5TCD8RArTKAJ9cJT465qzQrRF8IC8V+aQgB3WB3QCYrIjW
EAFJvrNUEIJQeU9QOkK0aw==
=ee6e
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list