Python scripts on SAMBA4 - Alpha 8

Andrew Bartlett abartlet at
Mon Aug 3 06:39:31 MDT 2009

On Wed, 2009-07-29 at 14:33 -0500, MICHAEL BROWN wrote: 
> > I do have some other questions, if you don't mind:
> > 
> > *) Is it possible, at this time, to compile SAMBA 4 to use SSL binding for LDAP calls to AD?
> >>That should work fine.  I'll shortly remove an unnecessary restriction
> >>avoiding GnuTLS > 2.6. 
> What are the specific compile options within SAMBA 4 - alpha 8 to get this compiled for SSL?

Try --enable-gnutls

> > *) How is the SAMBA team progressing on back-end replication for SAMBA 4 AD?
> >>This can be answered in two different ways, depending on what you are
> >>after:
> >>We can use OpenLDAP for replication.  This makes the whole replication
> >>problem 'someone else's problem'.  The downside is that we are not as
> >>closely tied to our database, and so some aspects of the operation are
> >>not emulated as well (in particular we don't have transactions, so if
> >>things go wrong, we can't assume an auto-cleanup). 
> >>We are also working on DRSUAPI replication, to replicate against
> >>windows.  We have an inbound 'vampire' working for a demo, but there is
> >>still work to do.
> Is the DRSUAPI portion a separate piece of code outside of the SAMBA code base?  Meaning, is this a compilable option
> available in the existing, or somewhere, to test possible SAMBA 4 to SAMBA 4 replica at this time?

We have some of the DRSUAPI code in Samba already, but not a Samba4 server.  There is no Samba4 to Samba4 replica other than the OpenLDAP backend at this time.

> >>When we implement a DRSUAPI server, then we will have native
> >>Samba4->Samba4 replication. 
> Please don't take this the wrong way but how is the development road-map on this piece?  Meaning,
> if not much attention is focused on DRSUAPI/replication, and it could take another 6 months, or longer,
> I may just start looking into going pure OpenLDAP back-end, if that piece is a viable solution.

Frankly, it is hard to say.  But replication is an area we hope to work
on in the next 6 months.  Perhaps the others looking to work in this
area might want to comment.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list