Realistic Timeline

Howard Chu hyc at highlandsun.com
Wed May 22 08:01:49 MDT 2013


Scott Lovenberg wrote:
> On 5/21/2013 8:07 PM, Andrew Bartlett wrote:
>> On Wed, 2013-04-17 at 14:58 -0700, Howard Chu wrote:
>>> Hey there list, Andrew... I keep meaning to have this discussion with Andrew
>>> and then it always slips by, but this time for sure.
>>>
>>> I'll keep this short - my colleagues at Symas want to know what it will take
>>> to bring OpenLDAP up to date to be usable directly by Samba as a first-class
>>> recommended option, not just "yeah that should work but..." I've reviewed some
>>> of the previous discussions on this topic in the archives, but I suspect some
>>> of those points are now out of date.
>>>
>>> I recall that we need to implement LDAP Transaction support, but of course
>>> that's just one of many missing features. Also, are there developers on the
>>> Samba team who can spend some time with us to make sure that what we write
>>> actually fits with how Samba uses things?
>> Just looping back to the top, to fill the list in.
>>
>> I've just had a great chat with Howard about his plans.  He is well
>> aware of the limitations, and why we didn't proceed with this.  I tried
>> valiantly to dissuade him, but he remains as keen as ever! :-)
>>
>> The difference this time is that where before we asked for small changes
>> in OpenLDAP and tried to make it work as much as we could, Howard and
>> Symas are qualified to bring a chainsaw to the OpenLDAP side to add in
>> any and all hooks that an integrated solution might need.
>>
>> For example, he seems open to having OpenLDAP use gensec rather than
>> re-implementing that via raw GSSAPI or SASL.  That saves him a bunch of
>> work and pain, and means any eventual system will be internally
>> consistent for authentication.
>>
>> I'm sure this work will require changes on the Samba side too, but we
>> have had this almost work once before, and Symas proposes to apply
>> significant qualified resources to both the Samba and OpenLDAP sides, so
>> there is hope.
>>
>> I still only give Howard and Symas a 50/50 chance of succeeding, but he
>> is incredibly keen to give this a try, and while I retain my
>> reservations I will do my best not to get in their way.
>>
>> (And if you feel an urge to take on this kind of challenge, I'm sure
>> Symas is going to need some experienced Samba/C/LDAP engineers)
>>
>> Andrew Bartlett
>>
> I vaguely remember the last attempt at this when I was still in college;
> it seemed to me at the time that everyone thought it was going to be
> easier than it actually was.
>
> I was speaking with my boss about the history of OpenLDAP and Samba-4
> just the other day.  He was a bit interested in the possibilities of
> using it as a back end for Samba-4 and I told him, basically, not to
> hold his breath.  But, here we are.
>
> Seeing as the RCs for Samba-4.1 are starting in a few short weeks and
> there are still resources being spent on DRS and async stuff (IIRC, Jeremy
> is still doing some work on that), what's a realistic timeline for this
> work to start appearing in git and being merged?  If the release
> schedule sticks to 9 months, are we talking Samba-4.3?

This question is quite premature, since we haven't fully scoped the work and 
we're still hiring staff. I would say the correct answer is still "don't hold 
your breath."

Samba4/ldb/tdb is going to be the only game in town for quite a while yet. 
Unless you're actually planning to work on the OpenLDAP stuff with us, you 
shouldn't be factoring it into any of your planning. Not at this point in time.

> Good luck, Howard. :)


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

