OpenLDAP backend for Samba

Nadezhda Ivanova nivanova at samba.org
Wed Jun 6 11:41:15 UTC 2018 

Hi Team,

The current progress on Symas's OpenLDAP as a backend, or rather, on 
LDAP server for Samba is now publicly available at 
git at github.com:Symas/samba_overlays.git

The code is highly experimental, some of it hasn't been tested - we have 
only recently given up the idea of gradual replacement of Samba ldb 
modules, which proved impossible because of their interdependence, and 
started to test new code directly from OpenLDAP. A lot of the modules 
are investigation on how it is possible to re-use samba libraries inside 
OpenLDAP, mostly libcli/security.

Currently the modules live in contrib/slapd-modules/samba4. Everything 
is subject to change, improvement, suggestions or contributions, 
possible even the structure of the modules themselves.

I realize they should have been a subject of a talk at the SambaXP, but 
I wasn't able to submit one during the call for papers, so maybe next year.

As you can see, we have been experimenting with things like loading the 
AD schema in OpenLDAP during Samba provisioning, which means we can drop 
object class and attributes mapping, with SD creation and access checks, 
the creation of some attributes like objectGuid and ObjectSID, etc.

Thw way we used to work until recently is - provision Samba with the 
legacy OpenLDAP backend, then enable the overlay being tested, start 
OpenLDAP and execute some requests. This, however, is no longer possible 
as the legacy OpenLDAP backend has been completely broken for a while 
now, and we will need to reconcider the possible way Samba would 
communicate with OpenLDAP.

We have a Samba repository with very old Samba code that we still use. 
It has some patches, but ti this point not a lot of changes have been 
made to Samba itself. Mostly we needed the libcli/security library to be 
public, and some changes have been made to the provisioning script. None 
of these have been proposed to the list, as they are just a working 
version for now and not a final one.
The repository in question is this:
git at github.com:Symas/samba.git


I am at SambaXP until Friday morning if you'd like to ask me something, 
or just write, although I may be out of contact occasionally next week.

Best Regards,
Nadya

More information about the samba-technical mailing list