OpenLDAP and Samba4
martin at webhuis.nl
Wed Apr 17 16:29:10 MDT 2013
> Hey there list, Andrew... I keep meaning to have this discussion with
> Andrew and then it always slips by, but this time for sure.
Thank you for reraising the issue, because the ldap compliancy of Samba4
has never stopped worrying me.
Andrew gave me a very polite answer to my post 2013-02-12 at 12:06 +0100:
Thanks for taking the time to write. We know that this area is of great
concern to administrators, and it is also a great concern to members of
the Samba team.
> I'll keep this short - my colleagues at Symas want to know what it will
> take to bring OpenLDAP up to date to be usable directly by Samba as a
> first-class recommended option, not just "yeah that should work but..."
> I've reviewed some of the previous discussions on this topic in the
> archives, but I suspect some of those points are now out of date.
> I recall that we need to implement LDAP Transaction support, but of
> course that's just one of many missing features. Also, are there
> developers on the Samba team who can spend some time with us to make
> sure that what we write actually fits with how Samba uses things?
Still, like you, I am left with the same feeling that AD compliance
comes first and LDAP compliance is in the balance and depends on
I advocate LDAP compliance in the first place and an additional and
optional AD compliance sponsored by those who feel they should do so. I
do not get the point of sacrificing Open Standards compliance in favor
of a company owned standard for a platform that clearly is loosing more
ground by the day.
This is my original post:
Jeremy Allison had an excellent presentation of Samba4 at Fosdem yesterday.
After his talk I spoke briefly to him about the interoperability between
Samba4 and LDAP, because this seems to exist no longer. The onliest
possibility left is dumping am LDAP database to an ldif file and then
upload it to the AD compatible Samba4 server.
The issue is towards the LDAP version that Samba4 is compatible with. As
we know LDAP now uses the Provider Consumer model instead of the Master
Slave model. Samba now operates on a Master Master principle, the
standard of which is not clear to me.
Samba4 would have a so called classic mode that would allow to use it as
a file server still in combination with a standardized LDAP server. This
feature however needs to be tested more thoroughly it seems, it is not
The need for a Samba server that interacts is obvious, since the LDAP
service is used by a abundant number of services that interact with it.
I name a couple of services I personally have experience with: Zarafa
mail server and SugarCRM.
I do not want to set the Samba house to fire, because it is very deer to
me, but I feel a strong interest in having Samba interoperate with the
standard LDAP service. I want to involve in order to guarantee this in
the long run.
I will be in Los Angeles as of February 22th in order to attend Scale11
and I am prepared to meet any of you people up to march 1st, in order to
see whatever contribution I should make.
+31 6 5156 7029
More information about the samba-technical