OpenLDAP and Samba4

Martin Simons martin at
Wed Apr 17 16:29:10 MDT 2013

Dear Howard,

> Hey there list, Andrew... I keep meaning to have this discussion with
> Andrew and then it always slips by, but this time for sure.

Thank you for reraising the issue, because the ldap compliancy of Samba4 
has never stopped worrying me.

Andrew gave me a very polite answer to my post 2013-02-12 at 12:06 +0100:

Thanks for taking the time to write.  We know that this area is of great
concern to administrators, and it is also a great concern to members of
the Samba team.

> I'll keep this short - my colleagues at Symas want to know what it will
> take to bring OpenLDAP up to date to be usable directly by Samba as a
> first-class recommended option, not just "yeah that should work but..."
> I've reviewed some of the previous discussions on this topic in the
> archives, but I suspect some of those points are now out of date.

> I recall that we need to implement LDAP Transaction support, but of
> course that's just one of many missing features. Also, are there
> developers on the Samba team who can spend some time with us to make
> sure that what we write actually fits with how Samba uses things?

Still, like you, I am left with the same feeling that AD compliance 
comes first and LDAP compliance is in the balance and depends on 
additional funding.

I advocate LDAP compliance in the first place and an additional and 
optional AD compliance sponsored by those who feel they should do so. I 
do not get the point of sacrificing Open Standards compliance in favor 
of a company owned standard for a platform that clearly is loosing more 
ground by the day.

This is my original post:

Dear All,

Jeremy Allison had an excellent presentation of Samba4 at Fosdem yesterday.

After his talk I spoke briefly to him about the interoperability between
Samba4 and LDAP, because this seems to exist no longer. The onliest
possibility left is dumping am LDAP database to an ldif file and then 
upload it to the AD compatible Samba4 server.

The issue is towards the LDAP version that Samba4 is compatible with. As 
we know LDAP now uses the Provider Consumer model instead of the Master 
Slave model. Samba now operates on a Master Master principle, the 
standard of which is not clear to me.

Samba4 would have a so called classic mode that would allow to use it as 
a file server still in combination with a standardized LDAP server. This 
feature however needs to be tested more thoroughly it seems, it is not 
proven yet.

The need for a Samba server that interacts is obvious, since the LDAP 
service is used by a abundant number of services that interact with it. 
I name a couple of services I personally have experience with: Zarafa 
mail server and SugarCRM.

I do not want to set the Samba house to fire, because it is very deer to 
me, but I feel a strong interest in having Samba interoperate with the 
standard LDAP service. I want to involve in order to guarantee this in 
the long run.

I will be in Los Angeles as of February 22th in order to attend Scale11 
and I am prepared to meet any of you people up to march 1st, in order to 
see whatever contribution I should make.

Best regards,

+31 6 5156 7029

More information about the samba-technical mailing list