[SAMBA4] Possible task: LDAP backend improvements

Andrew Bartlett abartlet at samba.org
Fri Apr 3 02:34:19 GMT 2009

It comes to mind that there are a few things that need some work in the
LDAP backend of Samba4, and that they would make a good Summer of Code
project, or perhaps be taken on in parts by other interested onlookers:

The tasks are:

Merge provision-backend and provision

The current two-step process of provision-backend and a separate
provision seems to cause a lot of challenges for folks.  They often get
the required command line arguments wrong, and have to manually start
slapd before we can provision the data.

Similarly, when we provision against Fedora DS, it would prefer to start
the server right away.

An improved provision script would take a path to the slapd binary
(possibly detected at configure time), and incorporate the code in
master/selftest/target/Samba4.pm to generate the modules.conf for the

Then, the python script should start slapd, and watch it for improper
termination.  If it starts (using the command line already suggested,
but only listening on ldapi) and stays started, we should provision it
normally, then shut it down.

Then, knowing everything worked, we can suggest how the user can start
smbd and slapd as required.  (the output of this could be put in a file
that 'make test' can then parse, to ensure it verifies this value).

As a bonus, if it remains possible to test the current provision-backend
code, when a valid OpenLDAP installation is not present, all the better
(help prevent bitrot).

Test OpenLDAP in a normal 'make test'

Detect that OpenLDAP 2.4.15 is present on the system, and it's location.
If so, when 'make test' is run, then 'make quicktest' is additionally
run against the LDAP backend.  

This should help reduce bitrot in the OpenLDAP backend because it fails
to be tested. 

Currently testing against the OpenLDAP backend requires that you run:

TEST_LDAP=yes OPENLDAP_ROOT=/usr/local make test

Most developers don't do this regularly (either because they don't have
the right OpenLDAP, or they don't know about it, or they don't think

Restore the Fedora DS backend

Currently the Fedora DS backend won't even start.  Small details have
changed in both Fedora DS and Samba4, and this code has bit-rotted.  The
task would be to make it pass 'make test' with as few failures as
possible (some are inevitable, as it has a different feature set to

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20090403/590866d3/attachment.bin

More information about the samba-technical mailing list