Should we keep the Samba4 LDAP backend?

Oliver Liebel oliver at itc.li
Sat Apr 2 04:21:19 MDT 2011



On 02.04.2011 01:39, Andrew Bartlett wrote:
> On Fri, 2011-04-01 at 16:27 +0200, Oliver Liebel wrote:
>> Short: Yes.
>>   From my long term experience there are many large installations in big
>> size companies
>> worldwide, that make extensive use of OpenLDAP as a standard LDAP,
>> mostly with coexisting W2KX-ADS.
>> What they all need is an S4 with an (RFC) standard LDAP-backend, or more
>> exactly,
>> they need a customizable, RFC-compatible LDAP-Server with
>> ADS-Capabilities,
>> not only a Replacement for W2K8.
> Oliver,
>
> I wanted to particularly thank you for the efforts you have put into the
> Samba4 LDAP backend.  At a time when we didn't have any hope of reliable
> DRS replication, your assistance in building the OpenLDAP MMR
> configurations gave us some hope of a multi-master samba.
>
> But our great efforts that have been made over many years have simply
> not been enough.  The code may function for some simple deployments, but
> particularly without the safety of transactions we could never recommend
> it for production.
>
> In the past year we have seen no development of this code, beyond making
> the selftest partially work, and at the same time we learnt more about
> how much harder this would be to finish.
>
> Andrew Bartlett


Andrew,

thanks for your answer.

I know that creating a working Replication S4/OL <-> ADS is by far one of the biggest challenges in this
Scenario, that we haven't resolved over the past years, not only because DRSUAPI and Syncrepl/RFC 4533
are totally different Replication Mechs.

But I think -because of the above listed reasons- the work on the external LDAP Backend should be
continued (if time and resources are available), or at least just frozen until some missing features
are available/developed,
exactly:

- The needed Transaction-Safety (Protocol-based Transaction Support, not by BDB as now)
will be implemented in OL 2.5.

- A DirSync-based "Single-Shot"/ Master-Slave - Replication Mech (e.g. implemented as an Overlay for
this Function)
could be a Solution for many Companies, that don't need permanent Sync between ADS and S4/OL.

Oliver


















