Google Summer of Code

hotte.schibullek at hotte.schibullek at
Sun Mar 30 10:23:32 GMT 2008

> -----Original Message-----
> From: "Timo Wingender" <timowi.lists at>
> Sent: 29.03.08 23:34:09
> To: Andrew Bartlett <abartlet at>
> CC: samba-technical at
> Subject: Re: Google Summer of Code

> Andrew Bartlett wrote:
> > On Thu, 2008-03-27 at 20:01 +0100, Timo Wingender wrote:
> >   
> >> Hash: SHA1
> >>
> >> I like to participate in Google Summer of Code this year. I am 
> >> especially interested in development of samba4 with LDAP-backend. 
> >>     
> >
> > This is a very interesting, but frustrating and painful area.  If you
> > are up for it, then it could be a great contribution, because I'm pretty
> > much burnt out from working on it for so long. 
> >   
> I know ldap is not an easy area. I have some experience in setting up 
> samba3 with an LDAP. But it is a relatively difficult task to set it up 
> and to debug it. You need much knowledge of ldap and samba to set it up. 
> I think this could be much easier.
> I am willing to put much effort in learning more about ldap and samba. I 
> think ldap is the best way to manage users.
> > See my post on the LDAP backend above.  
> >
> >   
> >> But I 
> >> have no overview over the current state of samba4. Reimplementing 
> >> something from samba3 is also a possibility. Any recommendations for a 
> >> small project which can be done in 3 months?
> >>     
> >
> > One interesting but difficult project would be to move the DRSUAPI
> > replication protocols from a one-way demo to a full, tested (ie include
> > multi-server testsuite) two-way replication with AD.  This would include
> > changes to LDB to cope with the increased requirements of DRSUAPI
> > replication (container objects are represented twice, linked attributes
> > need more metadata).
> >

I think the ADS compatibility of samba4 has already reached a point 
where most useful things work (no more significant problems to join
win-machines to a domain or administrate samba4-DCs with dsa.msc).
at this stage of development it should be a general question whether to re-invent
the wheel again with ldb or consequently move to a standard-ldap-DS and
focus the work on some missing features/extensions (e.g. memberof-overlay
in openldap) to implement the missing ADS-features.

> > Another similar project might be to implement windows 2008 'read only
> > DC' functionality in Samba4.  This might be 'safer' than the two-way
> > replication, but includes a lot of links that we would need to implement
> > to pass off all secrets handling (including RPCs for verifying NTP
> > packets, passwords etc). 

One-way Replication -the normal (delta-)syncrepl-mode in Openldap-
has already everything needed for the 'super-new' w2k8-"feature"
(seems the redmonder guys have at last understood the x.500-principles
and advantages of a single rw-master)

another point is, that the DS on the linux/unix-side should be painless usable
and extendable for other opensource-standard-applications.

as howard mentioned before, it might be not the best way
to create a completely new DS application with unknown security
holes, only to follow all the steps of the redmonder guys.

samba4 serves now all xp clients, and xp clients will be the biggest
part of all win-networks for the next 4-5 years, maybe longer. 
openldap or FDS can do nearly all of the replication work in a stable way
either one-way or multi-master. 
so this should be the direction, not drsuapi

> >   
> It sounds much like ldap replication through samba. Especially the first 
> one. The second says nothing to me. Should replication be done with 
> samba? I thought this is part of the ldap-server. Why doing it in samba too?
> I thought more about the general integration of ldap. I'm not much 
> interested in replication. As I said above in my opinion support of ldap 
> is way too complicated in samba3. I don't know how this is with samba4. 
> But I think there is much to do to make it work out of the box for all 
> users.
> My problem is that the deadline for application is on March 31st. I 
> really want to put much work in it. Even before coding will start. But at 
> the moment I've no idea what has to be done in the current development 
> tree. I have not much time until end of next week. Otherwise I would 
> have a look at the source to get the current state.
> Timo
