[soc] External LDAP support in Samba4

Jelmer Vernooij jelmer at samba.org
Tue Jun 6 09:55:18 GMT 2006 

Hi Martin,

On Sun, 2006-06-04 at 21:13 +0200, Martin Kühl wrote:
> For my SoC project I'll assume an external LDAP server with the Samba3
> schema as the LDB backend (for a stable base).  The work then consists
> of three subproblems:
> 
>   1) Defining mappings from AD to Samba3 and back.
The ldb_samba3 module that I wrote last year does some of this - it
might be a good starting point

> Applying mappings from a module
> -------------------------------
> 
> A module to perform general mappings should be similar to the existing
> ldb_map module which is currently disabled and needs to be perform
> asynchronously.  For looking at them, I'll have to bug Jelmer about
> the mapped/fallback database distinction.
I'd very much like to discuss some of this with you and making sure you
don't fall into the same traps I did :-)

> There's also the issue of using JavaScript for mappings.  ldb_messages
> can be expressed easily in JavaScript (conversion is defined in
> mprutil.c), and mappings of add and modify requests could be expressed
> as easyily with functions mapping messages to messages, so using
> JavaScript for mappings makes sense.
It would be nice to allow more than one possible language - i.e. leave
the option open to support Python or C instead of JavaScript.

> Search requests seem harder because (i) ldb_parse_trees can't be
> converted to JavaScript yet and (ii) both the request and the response
> would beed mapping.
> 
> To support mappings in JavaScript I see several possible ways:
> 
>   1) Extend ldb_map to support JavaScript objects in
>      ldb_map_attributes.
>   2) Create a new module that supports mapping via JavaScript,
>      possibly loading sources from a special folder (ala
>      ldb_try_load_dso).
I'd prefer keeping the mapping logic and the language bindings separate
- that'd make it easier to support other languages.

>   3) Extend ldb_modules to support writing complete LDB modules in
>      JavaScript.  This could be done by allowing ldb_module_ops to be
>      JavaScript objects or contains JavaScript functions instead of C
>      function pointers.
This will probably be a dependency hell, making LDB require JavaScript
which would make it hard to use LDB stand-alone (unless, of course, you
add this functionality as a LDB module somehow...)
 
Cheers,

Jelmer
-- 
Jelmer Vernooij <jelmer at samba.org> - http://samba.org/~jelmer/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060606/4d02e644/attachment.bin

More information about the samba-technical mailing list