Problems creating a Samba4 LDAP Backend

horst schibullek hotte.schibullek at web.de
Wed Mar 26 15:01:58 GMT 2008


> Samba4 has very peculiar needs as the aim is to provide an AD compatible
> interface to the clients. This is because MS clients are tightly coupled
> and expect certain behaviors that are AD specific. We can't just run a
> generic directory in this case, we either proxy and translate to a
> generic directory or we heavily modify one.

> So far we have basically worked on 2 fronts. One was to make our own
> LDAP implementation based on our LDB database so that we could freely
> experiment and discover exactly what the clients need/want. At the same
> side we developed LDB to be a proxy to a backend directory and created a
> module called ldb_map that could do translation on the fly.
> This second approach is showing the inherent limits it was clear we
> would have met since we started. The point is to decide to what degree
> of compatibility we need to get to.

I have managed to set up a Multi-Master-Replication using
OpenLDAP 2.4.8 in Mirrormode and Samba SVN Build 26701 (pre alpha 3),
using a separate ldap-Port (i.e. 9000) instead of ldapi-socket.
The two slapd are replicating fine - though it's a small amount
of objects - and it seems to be stable. Replication works well in both
directions.

In my opinion it's a good (maybe the best) way to continue the work on using a "real" LDAP
backend (either FDS or OpenLDAP) for samba4. As already mentioned in this thread, the OpenLDAP
overlays are a good point to work on AD-specific implementations/behaviours.


> Personally I am ok with just Windows clients being able to join using
> Kerberos and our Directory, even if some Windows admin tools don't work.

> We have reached this point some time ago already, it is just a matter of
> deciding when we are compatible enough to be satisfied, and start
> stabilizing the code.

> Simo.




More information about the samba-technical mailing list