Realistic Timeline

Wed May 22 07:39:29 MDT 2013

On 5/21/2013 8:07 PM, Andrew Bartlett wrote:
> On Wed, 2013-04-17 at 14:58 -0700, Howard Chu wrote:
>> Hey there list, Andrew... I keep meaning to have this discussion with Andrew
>> and then it always slips by, but this time for sure.
>>
>> I'll keep this short - my colleagues at Symas want to know what it will take
>> to bring OpenLDAP up to date to be usable directly by Samba as a first-class
>> recommended option, not just "yeah that should work but..." I've reviewed some
>> of the previous discussions on this topic in the archives, but I suspect some
>> of those points are now out of date.
>>
>> I recall that we need to implement LDAP Transaction support, but of course
>> that's just one of many missing features. Also, are there developers on the
>> Samba team who can spend some time with us to make sure that what we write
>> actually fits with how Samba uses things?
> Just looping back to the top, to fill the list in.
>
> I've just had a great chat with Howard about his plans.  He is well
> aware of the limitations, and why we didn't proceed with this.  I tried
> valiantly to dissuade him, but he remains as keen as ever! :-)
>
> The difference this time is that where before we asked for small changes
> in OpenLDAP and tried to make it work as much as we could, Howard and
> Symas is qualified to bring a chainsaw to the OpenLDAP side to add in
> any an all hooks that an integrated solution might need.
>
> For example, he seems open to having OpenLDAP use gensec rather than
> re-implementing that via raw GSSAPI or SASL.  That safes him a bunch of
> work and pain, and means any eventual system will be internally
> consistent for authentication.
>
> I'm sure this work will require changes on the Samba side too, but we
> have had this almost work once before, and Symas proposes to apply
> significant qualified resources to both the Samba and OpenLDAP sides, so
> there is hope.
>
> I still only give Howard and Symas a 50/50 chance of succeeding, but he
> is incredibly keen to give this a try, and while I retain my
> reservations I will do my best not to get in their way.
>
> (And if you feel an urge to take on this kind of challenge, I'm sure
> Symas is going to need some experienced Samba/C/LDAP engineers)
>
> Andrew Bartlett
>
I vaguely remember the last attempt at this when I was still in college; 
it seemed to me at the time that everyone thought it was going to be 
easier than it actually was.

I was speaking with my boss about the history of OpenLDAP and Samba-4 
just the other day.  He was a bit interested in the possibilities of 
using it as a back end for Samba-4 and I told him, basically, not to 
hold his breath.  But, here we are.

Seeing as the RCs for Samba-4.1 are starting in a few short weeks and 
there's still resources being spent on DRS and async stuff (IIRC, Jeremy 
is still doing some work on that), what's a realistic timeline for this 
work to start appearing in git and being merged?  If the release 
schedule sticks to 9 months, are we talking Samba-4.3?

Good luck, Howard. :)