deprecate pdb_ldap and "NT4-like" domains in Samba 4.13 to allow removal for Samba 4.14 in March 2021?

Jeremy Allison jra at
Tue Jun 16 17:29:29 UTC 2020

On Tue, Jun 16, 2020 at 12:53:50PM +0300, Alexander Bokovoy via samba-technical wrote:
> On ti, 16 kesä 2020, Andrew Bartlett wrote:
> > On Tue, 2020-06-16 at 11:26 +0300, Alexander Bokovoy wrote:
> > > What is required from FreeIPA side is a set of operations to provide
> > > implementation of PASSDB interfaces that deal with searches:
> > >  - search users
> > >  - search groups
> > >  - search aliases
> > 
> > Can you do that on the FreeIPA side?  pdb_ipa isn't in the Samba tree,
> > could you handle the maintenance of the code it depends on?
> > 
> > Presumably you have plenty of other ldap client stuff on the FreeIPA
> > side of the fence you could plug into?
> So basically you are saying that you don't care how FreeIPA would handle
> integration to Samba PASSDB, neither you care about PASSDB being
> testable and used. Is that right?

No, I don't think anyone wants that :-). Alexander,
why don't you clarify exactly what you need, and
what you're using in Samba passdb ? That way we
won't accidentally break anything.

> My concern is that you are looking to deprecate interfaces without
> providing sufficient functionality to handle those needs, neither
> acknowledging existing proposed replacements need to be improved before
> even considering them.

Not really. I didn't know you were using them :-).
Let's communicate better.

> Outside of FreeIPA, most of home storage devices built on top of
> Synology, for example, rely on pdb_ldap. There is support and
> integration for Samba AD DC to be run on Synology but there is a
> separate LDAP Server component and an integration with that one for
> Samba requires use of pdb_ldap.
> As far as I understand, same feature and support is available in QNAP
> devices.
> I personally don't think it makes sense to deprecate pdb_ldap now.

Fair enough. But also as I said I didn't know you needed it :-).
It is *very* old and crufty code though - maybe you could
put some resources into helping maintain/update/refactor
it to modern coding practices so it doesn't look so abandoned :-).

> Instead, I hope to look into improving its test coverage now that we
> have a good way to create test environments and use them in CI.

Well that's good to know. But if Synology and QNAP need
this also, then if would be good to hear from them directly
on what their usage requirements are.



More information about the samba-technical mailing list