Fedora DS Support

Endi Sukma Dewata edewata at redhat.com
Tue Sep 8 20:31:22 MDT 2009


----- "Andrew Bartlett" <abartlet at samba.org> wrote:

> > 1. During instance creation it will import the SASL mapping for
> >    samba-admin. It's done here because of the schema problem I mentioned
> >    previously preventing adding the mapping via ldapi.
> Is there work being done to fix that?  Even if ldif2db is the right
> approach long term, we should have the schema right. 

Yes, this is the FDS bug that I opened last week for the schema issue:

It's tentatively planned to be fixed in FDS 1.2.3. The solution is still
being discussed because there are some complexities related to upgrading
existing FDS instance.

In my opinion we shouldn't rely on this bug to be fixed in FDS 1.2.x
because it's probably going to be complicated to determine reliably which
version of FDS is installed, whether it has the right schema, and then
make provisioning script to use different methods for different FDS
versions. Instead, we should just use ldif2db that's going to work with
any FDS version. I think it'll make more sense to wait until FDS 1.3.x
if we want to replace ldif2db with a more optimized method. What do you

> > 5. The aci attribute has been removed from Samba schema. It no longer
> >    uses *_fds.ldif files. The ACL is hardcoded in provision.py.
> Can you avoid using LDIF to add that?  If you create a LdbMessageElement
> (and then an LdbMessage to feed to ldb.modify()), and the """text
> string""" syntax, then you should be able to avoid all the escape
> madness in current patch. 

Do you have a short example on how to use these classes? I'm still
new to Python. Thanks!

Endi S. Dewata

More information about the samba-technical mailing list