[PATCH] Provisioning external LDAP server

Andrew Bartlett abartlet at samba.org
Wed Feb 17 23:34:19 MST 2010


On Wed, 2010-02-17 at 20:48 -0500, Endi Sukma Dewata wrote:
> Andrew,
> 
> ----- "Andrew Bartlett" <abartlet at samba.org> wrote:
> 
> > > > Even for your external LDAP server case, is there actually a need for
> > > > the LDAPi socket to be in a different location?
> > > 
> > > Not really, but if you run the backend on a separate machine you might
> > > want to use LDAP or LDAPS instead of LDAPI, for example:
> > > 
> > >    ldap url = ldap://ldap.example.com
> > > 
> > > If you don't specify the ldap url it can default to ldapi://${home}/ldapi.
> > 
> > Sure.  But do you need that for what you are doing?  I'm trying to avoid
> > adding that option until someone gives me a reason why it's needed. 
> 
> The main reason is we're using LDAP servers that are still under development.
> Running the LDAP server in a separate folder or separate machine can help
> isolate problems with the LDAP server itself. For example, it would be easier
> to run the LDAP server under gdb then run Samba test on it. Using the patches
> that I've submitted previously I was able to run Samba test with external
> OpenLDAP and found what seems to be a bug in OpenLDAP (still need to
> investigate further).
> 
> You could also use this to compare different LDAP server versions without
> reinstalling them. Simply install the LDAP servers on different machines and
> point Samba to them. However, running on a separate machine is more problematic
> because the socket wrapper gets in the way. I'll need to investigate this
> further when I get to that point.

That seems like a very good reason to allow this to be exposed.  I guess
we now see why I insisted on having DIGEST-MD5 rather than just setting
up simple binds or EXTERNAL over ldapi ;-)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
