LDAP/Samba 4 summary

Howard Chu hyc at symas.com
Tue Oct 2 20:02:58 GMT 2007

Andrew Bartlett wrote:
> (please forgive the cross-posting to subscriber-only lists)
> Howard Chu helpfully wrote up this summary of the meeting we held at the
> CIFS Workshop on how Samba4 should work with an LDAP backend.
> The background is that Samba4 increasingly needs some things that an
> LDAP server could provide for us.  In the short term, we need to add
> subtree renames to ldb_tdb, but OpenLDAP's hdb already provides this for
> us.  
> Likewise, we have a desperate need for replication (because any site in
> need of Samba4's features will want multiple DCs) - and Fedora DS's
> replication seems like a very good, solid answer.  (Sadly it doesn't
> give us subtree renames...).

Multimaster replication is also in OpenLDAP 2.4 (which is currently still in 
beta - we're still shaking it down, more testers would probably be helpful at 
some point).

> Another feature: we don't yet do schema validation in Samba4, beyond
> checking that the objectClass list is valid.  We need to extend that,
> but perhaps the LDAP server could do that validation for us?

Right, since LDAP doesn't really depend on schema-aware clients this is the 
LDAP server's responsibility. (As opposed to X.500, where every agent in the 
system must be fully schema aware.)
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/

