OpenLDAP and Samba4

Gémes Géza geza at
Fri Apr 19 23:32:23 MDT 2013

> On Fri, Apr 19, 2013 at 01:14:06PM -0700, Matthieu Patou wrote:
>> The biggest part of our "LDAP" code is in the ldb modules unless I
>> misunderstood something and either with tdb or openldap as the
>> backend we will have to support this.
> I'd still rather that code be in OpenLDAP rather
> than Samba :-).
>> Ok I want to see what is the proposal but if it's "just" to have
>> openldap as the backend for ldb database I think it has almost no
>> value.
> No, I don't think just remoting stuff is what
> we want. We want better integration - both
> sides will need to change.
>> Let me restate that we need to understand why this has value for us
>> or/and our users and this has to be tangible.
>> Ok in computer science everything is possible the question is what
>> is the practical solution for this. So this must be addressed and a
>> quite detailed proposal has to be made.
> Yep. This conversation is meant not as a "we'll do
> this tomorrow" kind of thing, more of a "how do we
> get there" conversation.
> When I spoke to Howard I made it clear that this
> wasn't in the 4.0.x timeframe, nor even in the 4.1.x
> timeframe - more likely a Samba 5.x release, however
> I still think it's a good goal to move towards.
>> If I take the example of Bind9 which is not completely a 1st class
>> citizen DNS server, we are "supporting" version 9.8 (n - 1) and
>> version 9.9 (version n). Not all the distributions have version
>> 9.8 (Debian stable has 9.7 for the moment) and most of the "server
>> class" distros have only 9.8.
> Bind hasn't offered resources to work directly
> with us to make them our "preferred" DNS server,
> OpenLDAP have. That's the difference to me :-).
>> Back to OpenLDAP, it would mean that we would have to test on the
>> stable version and on the latest dev one and cross our fingers to not
>> require too much the features in the dev version.
> I think it's fine to prototype this in dev versions
> of both Samba and OpenLDAP. This is going to take
> a while if we can get there at all.
> Jeremy.
Sorry to express my own opinion as not a Samba team member or regular
developer (a few small patches don't count), but instead of trying to
use OpenLDAP as a backend for Samba, wouldn't it be useful to try to use
tdb/ldb as the backend for OpenLDAP and to see what other changes are
needed in order to have it listen on 389/tcp and 636/tcp on behalf of
Samba, something like the s3fs setup?


Geza Gemes

