Samba4 LDAP backend status
abartlet at samba.org
Mon Aug 14 12:11:39 GMT 2006
On Fri, 2006-08-11 at 11:36 +1000, Andrew Bartlett wrote:
> For the past few weeks I've been working to have Samba4 function against
> an OpenLDAP (and then Fedora DS) backend server. In particular, I have
> been hoping to demonstrate to the public at large, with reproducible
> instructions, what I demonstrated against the OpenLDAP component of
> Apple's Open Directory system.
> The work has been harder than I expected, mostly because in more recent
> versions of OpenLDAP, the 'schemacheck off' directive is unavailable.
With ldb_map extended to mark all new objects as extensibleObject, and
with various fixes to the schema, we now provision, join and login a
Win2003 server into Samba4, backed onto OpenLDAP.
This replicates the work I did against Open Directory (I think it was
OpenLDAP 2.2) back in June.
This demonstration is important because it shows that it is possible to
back Samba4 onto a modern external directory server, and that we should
consider that as one way to gain inter-server replication (I am looking
at Fedora DS for this). It should also make it easier to have Samba4 as
part of an overall identity management solution in an enterprise.
Almost all the code I used is already in Samba: Mostly I just need some
provision changes, and I want to rework the schema conversion scripts.
I don't see this as the end of Samba being its own directory server.
Indeed, I see a very bright future for that: I just want to have
options, and I'm very excited by the possibilities here.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com