Samba4 LDAP backend status
Andrew Bartlett
abartlet at samba.org
Fri Aug 11 23:08:52 GMT 2006
On Fri, 2006-08-11 at 11:36 +1000, Andrew Bartlett wrote:
> For the past few weeks I've been working to have Samba4 function against
> an OpenLDAP (and then Fedora DS) backend server. In particular, I have
> been hoping to demonstrate to the public at large, with reproducible
> instructions what I demonstrated against the OpenLDAP component of
> Apple's Open Directory system.
> This has been a partial success. I can start loading our provision into
> the target server.
>
> My current challenge comes from the fact that in AD, the 'person'
> objectClass does not contain a 'sn' attribute.
I've now got a schema OpenLDAP will accept.
I had some fun with the OID on middleName as it appears that Microsoft
has borrowed/stolen one of the Netscape assigned OIDs
(2.16.840.1.113730.3.1.34), which OpenLDAP and standards-track processes
assign to 'ref'. I have given it 1.3.6.1.4.1.7165.4.1.8 instead (from
the Samba Team's OID space).
(I can't just remove it from the OpenLDAP schema, as it is a hard-coded
item).
I've also got the data into the OpenLDAP server with our provision
script, with a few small adjustments. Mostly I need to avoid manually
setting the objectGUID attribute, as it is mapped to the operational
entryUUID.
kinit succeeds against the server, but when I started a Win2k3 join,
things failed, and this is where I'm currently working.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060812/e5cf7a43/attachment.bin
More information about the samba-technical
mailing list