Samba4 LDAP backend status

Andrew Bartlett abartlet at
Mon Aug 14 12:11:39 GMT 2006

On Fri, 2006-08-11 at 11:36 +1000, Andrew Bartlett wrote: 
> For the past few weeks I've been working to have Samba4 function against
> an OpenLDAP (and then Fedora DS) backend server.  In particular, I have
> been hoping to demonstrate to the public at large, with reproducible
> instructions what I demonstrated against the OpenLDAP component of
> Apple's Open Directory system.
> The work has been harder than I expected, mostly because in more recent
> versions of OpenLDAP, the 'schemacheck off' directive is unavailable. 

With ldb_map extended to mark all new objects as extensibleObject, and
with various fixes to the schema, we now provision, join and log in a
Win2003 server into Samba4, backed onto OpenLDAP.

This replicates the work I did against Open Directory (I think it was
OpenLDAP 2.2) back in June.  

This demonstration is important because it shows that it is possible to
back Samba4 onto a modern external directory server, and that we should
consider that as one way to gain inter-server replication (I am looking
at Fedora DS for this).  It should also make it easier to have Samba4 as
part of an overall identity management solution in an enterprise.

Almost all the code I used is already in Samba:  Mostly I just need some
provision changes, and I want to rework the schema conversion scripts.

I don't see this as the end of Samba being its own directory server.
Indeed, I see a very bright future for that: I just want to have
options, and I'm very excited by the possibilities here.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        