OpenLDAP and Samba4

Simo idra at samba.org
Sat Apr 20 08:19:44 MDT 2013


On 04/20/2013 06:17 AM, Luke Howard wrote:
> On 20/04/2013, at 7:32 AM, Gémes Géza <geza at kzsdabas.hu> wrote:
>
>> Sorry to express my own opinion as not a samba team member or regular developer (a few small patches don't count), but instead of trying to use OpenLDAP as a backend for samba, wouldn't it be useful to try to use tdb/ldb as the backend for OpenLDAP and to see what other changes are needed in order to have it listen on 389/tcp and 636/tcp on behalf of Samba, something like the s3fs setup?
> That's not a bad idea: enforce the “business logic” (i.e. SAM constraints, etc) in the actual backend database itself, rather than in the layer between the protocol and the backend database. (We did something similar, but much simpler, with the NetInfo backend for OpenLDAP some years ago.)
>
> However: Howard and the OpenLDAP team have invested a lot in backend database design (see back-mdb) and I would expect they'd like to leverage this, not just the protocol front-end.

Not only them, I would really like to use OpenLDAP's infinitely more
efficient code for Samba itself.
We do have a working system but it has always been prototype-level code
when it comes to performance, and our focus should be functionality, not
wasting years in performance tuning, especially given that work has
already been done in OpenLDAP.

I would use LDB as a backend as a transition method and slowly but 
steadily migrate one module after the other into an OpenLDAP overlay.

OpenLDAP has also already properly solved multithreading issues, something
our current LDAP backend is not good at either. So there are many
reasons to move to a mature technology now that the exploration and
experimentation phase to find out AD peculiarities is basically over.

We know what we need now, it is mostly not blind development anymore.

Simo.


More information about the samba-technical mailing list