Samba4 LDAP backend status

Andrew Bartlett abartlet at
Fri Aug 11 23:08:52 GMT 2006

On Fri, 2006-08-11 at 11:36 +1000, Andrew Bartlett wrote:
> For the past few weeks I've been working to have Samba4 function against
> an OpenLDAP (and then Fedora DS) backend server.  In particular, I have
> been hoping to demonstrate to the public at large, with reproducible
> instructions what I demonstrated against the OpenLDAP component of
> Apple's Open Directory system.

> This has been a partial success.  I can start loading our provision into
> the target server.
> My current challenge comes from the fact that in AD, the 'person'
> objectClass does not contain a 'sn' attribute.  

I've now got a schema OpenLDAP will accept.

I had some fun with the OID on middleName as it appears that Microsoft
has borrowed/stolen one of the Netscape assigned OIDs
(2.16.840.1.113730.3.1.34), which OpenLDAP and standards-track processes
assign to 'ref'.  I have given it instead (from
the Samba Team's OID space).

(I can't just remove it from the OpenLDAP schema, as it is a hard-coded

I've also got the data into the OpenLDAP server with our provision
script, with a few small adjustments.  Mostly I need to avoid manually
setting the objectGUID attribute, as it is mapped to the operational

kinit succeeds against the server, but when I started a Win2k3 join,
things failed, and this is where I'm currently working.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        
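
The OID clash described in the message above, as an added example that is not part of the original post or of Samba's code: a check that lists OIDs which two schema sources assign to different attribute names. The schema snippets are constructed samples; only the OID and the names 'ref' and 'middleName' come from the message, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample definitions in RFC 4512 syntax; only the OID and the two
# attribute names come from the message above, the rest is illustrative.
BASE_SCHEMA = """
attributetype ( 2.16.840.1.113730.3.1.34 NAME 'ref'
    DESC 'constructed sample: referral attribute'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
    DESC 'constructed sample'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""
IMPORTED_SCHEMA = """
attributetype ( 2.16.840.1.113730.3.1.34 NAME 'middleName'
    DESC 'constructed sample: AD-style definition'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 2.5.4.4 NAME 'sn'
    DESC 'constructed sample'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

# Matches the numeric OID and either a single quoted NAME or a parenthesised list.
DEF_RE = re.compile(
    r"attributetype\s*\(\s*([0-9]+(?:\.[0-9]+)+)\s+NAME\s+"
    r"(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))",
    re.IGNORECASE,
)

def parse_attribute_oids(schema_text):
    """Return {oid: set of lower-cased names} for each attributetype."""
    result = defaultdict(set)
    for oid, single, multi in DEF_RE.findall(schema_text):
        names = [single] if single else re.findall(r"'([^']+)'", multi)
        result[oid].update(n.lower() for n in names)
    return dict(result)

def find_oid_collisions(base_text, imported_text):
    """List (oid, base_names, imported_names) where one OID names different attributes."""
    base = parse_attribute_oids(base_text)
    imported = parse_attribute_oids(imported_text)
    collisions = []
    for oid in sorted(set(base) & set(imported)):
        # Shared names mean the same attribute; disjoint names mean a clash.
        if not (base[oid] & imported[oid]):
            collisions.append((oid, sorted(base[oid]), sorted(imported[oid])))
    return collisions

if __name__ == "__main__":
    for oid, ours, theirs in find_oid_collisions(BASE_SCHEMA, IMPORTED_SCHEMA):
        print(f"OID {oid}: server has {ours}, imported schema has {theirs}")
```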