[PATCH] Provisioning external LDAP server

Endi Sukma Dewata edewata at redhat.com
Wed Feb 17 18:48:21 MST 2010


----- "Andrew Bartlett" <abartlet at samba.org> wrote:

> > > Even for your external LDAP server case, is there actually a need for
> > > the LDAPi socket to be in a different location?
> > 
> > Not really, but if you run the backend on a separate machine you might
> > want to use LDAP or LDAPS instead of LDAPI, for example:
> > 
> >    ldap url = ldap://ldap.example.com
> > 
> > If you don't specify the ldap url it can default to ldapi://${home}/ldapi.
> Sure.  But do you need that for what you are doing?  I'm trying to avoid
> adding that option until someone gives me a reason why it's needed. 

The main reason is we're using LDAP servers that are still under development.
Running the LDAP server in a separate folder or separate machine can help
isolate problems with the LDAP server itself. For example, it would be easier
to run the LDAP server under gdb then run Samba test on it. Using the patches
that I've submitted previously I was able to run Samba test with external
OpenLDAP and found what seems to be a bug in OpenLDAP (still need to
investigate further).

You could also use this to compare different LDAP server versions without
reinstalling it. Simply install the LDAP servers on different machines and
point Samba to them. However running on separate machine is more problematic
because the socket wrapper gets in the way. I'll need to investigate this
further when I get to that point.


Endi S. Dewata

More information about the samba-technical mailing list