[soc] External LDAP support in Samba4.

Thu Jun 8 21:43:25 GMT 2006

On 6/6/06, Gerald (Jerry) Carter <jerry at samba.org> wrote:
> Could you give me a one line sentence and to what you
> expect the deliverables to be for M1 (June 28) & M2
> (Aug 4)?  Also how do you propose to validate/verify
> working code?  Will you rely upon existing smbtorture
> tests from the SAMBA_4_0 branch?

I'm not sure about the milestones.  I still feel like I'm not seeing
something important and oblivious to the whole extent of the
mappings...
For validating my code, I think the existing tests will do, although
I'll have to run them against (and be able to start/stop) an OpenLDAP
server.

I sent the following off-list (I should really stop doing that...), it
should give an idea where I currently "am".

Cheers,
 Martin

> [...]
> this time I'd like some feedback on milestones.  This is what I came up with:
>
> * A partition module would be more general, but a module renaming
>   special dns would make an easier first module and should suffice to
>   run modules against an external LDAP server (unless there's
>   something else I'm not seeing).  So that what I plan to start with.
>   I'll gladly help with a partition module later if you like, but not
>   yet.
>
> * I've talked to Jelmer about ldb_map and samba3sam; I think I
>   understand how ldb_map is supposed to work and will try to make it
>   async.  I'm not sure how to handle the two DBs in there yet
>   (w.r.t. asynchronism and transactions), but I'll try and ask when in
>   trouble.
>
> I think these would make a suitable M1 milestone.  Progress could be
> tested by running the samba3sam test suite against an OpenLDAP server
> running the samba3 schema.  I hope I'm not underestimating ldb_map
> here...
>
> That leaves javascript and mappings for the second part, so:
>
> * Mappings are supposed to be the largest part of my work.  Jelmer
>   already did some of these in one direction, I'll add the other
>   direction where necessary (which is only a few cases), then see
>   which parts of the provision are missing.  For grokking schema
>   semantics, some of my $work code should help; I will also set up an
>   AD server with test data there and watch it.
>
> * I'm a little unsure about where javascript fits in best; ldb_map is
>   complex already and shouldn't grow too much IMO, but a different
>   module for mapping with javascript would have to share at least some
>   of the mapping logic.  Unless it tried to do without a fallback
>   database, which might be a bad idea...
>
> I'd like to declare one of these goals optional, but don't know which
> one is preferred.  I think javascript mappings/modules would be more
> interesting to work on, but I also think that mappings are more
> related to my original problem.
>
> Testing should be possible mostly within the current framework; a test
> should parallel the samba3sam test in both cases, just with
> more/different data and possibly an external LDAP backend, and a
> different set of mappings for the javascript case.  That's something I
> think I'd need to add to the current tests: starting, stopping and
> using an OpenLDAP server.
>
> Does that sound reasonable?