[Samba] LDAP compatible

Tony Earnshaw tonye at billy.demon.nl
Sat Feb 26 10:07:13 GMT 2005


William Enestvedt:

>> 2: the only stable, recent version of OpenLDAP (as announced by
>> openldap.org) is 2.2.13. OL 2.1.22 is demonstrably buggy and will
>> ultimately fsck up your system. The latest, stable, version of 2.1 is
>> 2.1.30 and even that is deprecated and obsolete (source:
>> openldap.org).
>>
> I thought that Samba 3.0.11 required OpenLDAP 2.2.23...so what's the
> most reliable, most stable combination of the two? (I'm on Solaris 8, if
> that matters.)

Samba 3 doesn't insist on OL 2.2.23; previous versions will work o.k., but
most of them are not adjudged as stable and are probably not suitable for
24x7 production systems. including 2.1.30 with BDB 4.1 backends..

>> Learn that OpenLDAP 2.2.23 needs Sleepycat BDB 4.2.52 (2 x
>> patched), maybe Cyrus SASL 2.1.20. Furthermore, that you need to
>> configure DB_CONFIG to use it at all.
>>
> Well, can you reconcile that with the recommendation I just read to
> use no database for a user like me with a single Samba server that wants to
> pass on all authentication to an Active Directory server per the article
> in the December "SysAdmin" magazine, at www.samag.com/documents/sam0414e/?

For me, LDAP is the starting point. As I wrote, the initial motivation is
production use for authenticating in Unix/desktop logins, e-mail, etc.
with a a single password. There are many other bonuses, too. Samba came
afterward - if it hadn't worked with the already-existent LDAP
infrastructure, it would have been useless.

For *everything* else, if you're not into LDAP, get things (Unix/desktop
logins, e-mail, Samba, whatever) working without a DB first; then try
implementing LDAP into each service by turn.

--Tonni

--
mail: tonye at billy.demon.nl
http://www.billy.demon.nl



More information about the samba mailing list