deprecate pdb_ldap and "NT4-like" domains in Samba 4.13 to allow removal for Samba 4.14 in March 2021?

Alexander Bokovoy ab at
Tue Jun 16 09:53:50 UTC 2020

On ti, 16 kesä 2020, Andrew Bartlett wrote:
> On Tue, 2020-06-16 at 11:26 +0300, Alexander Bokovoy wrote:
> > What is required from FreeIPA side is a set of operations to provide
> > implementation of PASSDB interfaces that deal with searches:
> >  - search users
> >  - search groups
> >  - search aliases
> Can you do that on the FreeIPA side?  pdb_ipa isn't in the Samba tree,
> could you handle the maintenance of the code it depends on?
> Presumably you have plenty of other ldap client stuff on the FreeIPA
> side of the fence you could plug into?

So basically you are saying that you don't care how FreeIPA would handle
integration to Samba PASSDB, neither you care about PASSDB being
testable and used. Is that right?

My concern is that you are looking to deprecate interfaces without
providing sufficient functionality to handle those needs, neither
acknowledging existing proposed replacements need to be improved before
even considering them.

Outside of FreeIPA, most of home storage devices built on top of
Synology, for example, rely on pdb_ldap. There is support and
integration for Samba AD DC to be run on Synology but there is a
separate LDAP Server component and an integration with that one for
Samba requires use of pdb_ldap.

As far as I understand, same feature and support is available in QNAP

I personally don't think it makes sense to deprecate pdb_ldap now.
Instead, I hope to look into improving its test coverage now that we
have a good way to create test environments and use them in CI.

/ Alexander Bokovoy

More information about the samba-technical mailing list