Re-engaging the Samba4 LDAP backend

Andrew Bartlett abartlet at
Sun Apr 4 19:22:51 MDT 2010

On Tue, 2010-03-30 at 19:47 +0200, Oliver Liebel wrote:
> Am 30.03.2010 03:53, schrieb Andrew Bartlett:
> >   - Transaction support.  While most of the transaction-aware tasks in
> > Samba have now been either pushed off as 'too hard on LDAP' or into
> > modules that are now in the LDAP backend, we still do need transactions
> > over LDAP.
> >
> >    
> AFAIK protocol-based transaction support is on the roadmap for OL 2.5.


> >   - A way to easily detect that we have OpenLDAP or Fedora DS installed
> > on the system, and what it's version is.  Once we have that, we could
> > start trying to run at least some of Samba4's tests against such a
> > backend regularly (and stop breaking it so often).
> >    
> just to focus OL, the binary path will differ from
> distro to distro, e.g. debian: /usr/sbin/slapd,   suse: 
> /usr/lib/openldap/slapd
> and "regular" standalone will be /usr/local/libexec/slapd.
> to guess a setup-type (and the according path), a provision.conf-File 
> could be
> a start (see "ldap-distro=" below).

I would rather just have our test system try the usual locations, and
otherwise just skip LDAP backend tests.  

> > To address a broader range of use cases, I'm looking forward to the work
> > Endi has promised for a 'ldap backend config file' as input to
> > provision.  Hopefully this will reduce the options we have to present to
> > users on the provision command line.
> >    
> as i already mentioned a few weeks ago in another thread,
> one goal for future s4-releases should be to minimize the necessary 
> interaction
> during provision  - means: no need to create a (complex) provision 
> string, especially
> with backend-params like ol-mmr.
> an enhancement/simplification could be to put _all_ provision-settings 
> (not only the backend params)
> in a "normal" linux-conf-style file, thats basically 
> syntax/value-checked when
> starting provision (e.g.: provision -f provision.conf) , before the 
> params are applied
> to the procedures inside

I should have mentioned my view on this earlier.  I do *not* support
moving to a config file for a 'normal' install.  Most users just need
to ./provision --realm= --domain= --server-role=

I do support the use of an INI format external file for LDAP backend use
cases.  The use of an INI format file is consistent with the rest of

I hope this clarifies my position on this. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list