OpenLDAP and Samba4

[Jeremy Allison]

On Fri, Apr 19, 2013 at 01:14:06PM -0700, Matthieu Patou wrote:

> The biggest part of our "LDAP" code is in the ldb modules unless I
> misunderstood something and either with tdb or openldap as the
> backend we will have to support this.

I'd still rather that code be in OpenLDAP rather
than Samba :-).

> Ok I want to see what is the proposal but if it's "just" to have
> openldap as the backend for ldb database I think it has almost no
> value.

No, I don't think just remoting stuff is what
we want. We want better integration - both
sides will need to change.

> Let me restate that we need to understand why this has value for us
> or/and our users and this has to be tangible.
> Ok in computer science everything is possible the question is what
> is the piratical solution for this. So this must be addressed and a
> quite detailed proposal has to be made.

Yep. This conversation is meant not as a "we'll do
this tomorrow" kind of thing, more of a "how do we
get there" conversation.

When I spoke to Howard I made it clear that this
wasn't in the 4.0.x timeframe, nor even in the 4.1.x
timeframe - more likely a Samba 5.x release, however
I still think it's a good goal to move towards.

> If I take the example of Bind9 which is not completely a 1st class
> citizen DNS server, we are "supporting" version 9.8 (n - 1) and
> version 9.9 (version n) not all the distribution have the version
> 9.8 (debian stable has 9.7 for the moment) and most of the "server
> class" distro has only 9.8.

Bind hasn't offered resources to work directly
with us to make them our "preferred" DNS server,
OpenLDAP have. That's the difference to me :-).

> Back to Openldap it would mean that we would have to test on the
> stable version and on the latest dev one and cross the finger to not
> require too much the features in the dev version.

I think it's fine to prototype this in dev versions
of both Samba and OpenLDAP. This is going to take
a while if we can get there at all.

Jeremy.