Using Samba to test OpenLDAP's dirsync client implementation
nivanova at samba.org
Thu Jan 3 17:36:30 UTC 2019
Recently, Howard Chu implemented a replication consumer for slapd
against Active Directory, based on the dirsync control, which can
currently replicate users and groups.
If you are curious, it is in the master openldap branch at
It has no bearing on the Samba/OpenLDAP project, it is an independent
We want to setup a test environment for it, and we are thinking of using
Samba domain controllers rather than AD as a test setup.
So, with that in mind, how close is Samba's implementation to that of
AD? Are there any known differences and bugs that we should know about?
Most importantly, how does Samba handle some things that are not
well-defined or seem ambiguous in the MS Documentation?
For example, if we are in the middle of retrieving incremental changes
from one DC in the domain and it becomes unresponsive, in AD we can use
the cookie received from one DC to poll another in the same domain, with
unpredictable results (it is possible to return entries that have
already been sent, for example, or even do a full sync). Does Samba
behave the same way?
Also, how does Samba operate when a single-valued attribute has been
deleted from an entry? AD seems to return the same entry without any
noticeable changes, which makes it impossible to detect which attribute
has been removed. I looked at dirsync.py but didn't see a test for that
scenario, perhaps it is somewhere else?
Symas Corporation http://www.symas.com
More information about the samba-technical