[Freeipa-devel] using with samba

Dmitri Pal dpal at redhat.com
Fri Oct 31 14:39:13 UTC 2008


Hi William,

I need to correct myself a bit. Samba 4 can use different back ends. The 
primary back end it uses is the LDB - internal LDAP style storage. It is 
fast and efficient.
The alternative back end Samba 4 can use is OpenLDAP. This work is more 
experimental but OpenLDAP currently seems to be more feature rich from 
the perspective of Samba4 than Fedora DS.
FreeIPA uses Fedora DS as a back end. For the task of bringing Samba 
4 and IPA together the options would be to try to use one and the same 
back end or synch data if there will be two.
In both cases the mapping of entries, attributes and DITs would be the 
first biggest problem to solve.

Thank you
Dmitri

Dmitri Pal wrote:
> William,
>
> I think the main challenge on this route is overcoming schema 
> differences. This is probably the main issue - mapping attributes in 
> Samba 4 and IPA's back end DS.
> Other problems include the fact that IPA uses MIT Kerberos and Fedora 
> DS while Samba is based on Heimdal and OpenLDAP. If you plan to use 
> one and the same back end this would have to be sorted out first. If 
> you plan to use some kind of synchronization between Samba back end 
> and IPA's DS you would need to solve at least the mapping problem and then 
> the synchronization itself which is usually a big task. Maybe using 
> some kind of virtual directory solution like Penrose for mapping 
> of two structures to each other would be a good starting point.
>
> Thank you
> Dmitri
>
> William Baker wrote:
>> My question was about both, though vague.  For samba 3.2, the 
>> objective would be NT4 domain controller, and for samba 4.0 the 
>> objective would be AD domain controller.
>>
>> I've since narrowed my objective to AD domain controller.  I've been 
>> following the mail list, but haven't been able to characterize the 
>> magnitude of changes going into 4.0 or its usability.  I was hoping 
>> to see another alpha release to use as a starting point.  I think I'm 
>> just going to have to dive into the git repository and see what happens.
>>
>> I haven't done anything on it yet, but I know where to start.  With 
>> any luck, I'll start putting the pieces together later this week.
>>
>> bbaker
>>
>>> On Tue, 2008-10-07 at 10:08 -0500, William Baker wrote:
>>>  
>>>> I would like to get FreeIPA working with Samba.  Where would I 
>>>> start?  My guess is to review the schema requirements for samba.  
>>>> Would 3.2 be a reasonable Samba version to target, or should it be 
>>>> 4.0?
>>>>
>>>> Somebody must know of some show stoppers, otherwise it would work 
>>>> out-of-the-box.
>>>>     
>>>
>>> Are you aiming for an AD domain controller, an NT4 domain controller or
>>> a member (file) server?
>>>
>>> Andrew Bartlett
>>>
>>>   
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel