[PATCH] Activate partitions module

Andrew Bartlett abartlet at samba.org
Tue Jul 11 06:27:26 GMT 2006


On Tue, 2006-07-11 at 00:09 -0400, simo wrote:
> On Tue, 2006-07-11 at 14:04 +1000, Andrew Bartlett wrote:
> > On Mon, 2006-07-10 at 23:53 -0400, simo wrote:
> > > On Tue, 2006-07-11 at 12:14 +1000, Andrew Bartlett wrote:
> > > 
> > > > > Also we need to combine the results of all partitions on the global
> > > > > catalog port.
> > > > 
> > > > This is my next task.  Do you have any preference for how I should
> > > > indicate to ldb from the GC port that searches should be over multiple
> > > > partitions?
> > > > 
> > > > It almost seems like we need 'internal-only controls' to attach to the
> > > > request.
> > > 
> > > The GC is a specialized and fast db that stores a subset of the
> > > attributes and I think holds everything forestwide, so that you are not
> > > required to make costly calls outside.
> > > I think it should be a separate database fed by an ldb module that holds
> > > the configuration of which attributes to copy there.
> > 
> > That certainly sounds like the correct approach, particularly if we were
> > not to consider an LDAP backend.  It avoids the need for controls etc,
> > because it is simply a connection to a separate ldb, and can by design
> > only contain the attributes desired.
> > 
> > But if I want to keep the goal of an LDAP backend alive, how should I
> > handle this?  
> 
> Dunno, I am very sleepy, but this is one of the many things that makes
> me skeptical about being able to have a full working AD DC backed by an
> external server.

I know you are sceptical, but my initial goal is not to implement a full
working AD DC, and certainly not against an LDAP server.  But, what I do
want to do is to get the logon server capability out there, without
compromising the longer term goals.  Your feedback is *critical* in
ensuring we can achieve both.  

I have demonstrated an AD join and logon (that is, most of the
functionality we have in total!) against Samba4 in this configuration,
so would like to continue on this path.   I don't think that we should
allow the challenges we have not yet seen to prevent us from trying to
make Samba4 useful to these users.  

I'm also happy to turn up the requirements on the backend server.  An
unmodified OpenLDAP server or Fedora Directory server is great for a
demonstration, but I fully expect we will require much more of them in
the future.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net