[Fedora-directory-devel] Fedora Directory and Samba4

Richard Megginson rmeggins at redhat.com
Thu Nov 10 01:21:29 UTC 2005 

Andrew Bartlett wrote:

>On Tue, 2005-11-08 at 19:33 -0700, Richard Megginson wrote:
>  
>
>>Andrew Bartlett wrote:
>>
>>    
>>
>>>>3) Configure Samba4 to use FDS as it's database
>>>>   
>>>>
>>>>        
>>>>
>>>This is where I want to go.  I hate 'sync' systems with a passion, so I
>>>want Samba4 to use FDS as much as possible.  We can then provide KDC and
>>>Windows Domain services on top of your database.
>>> 
>>>
>>>      
>>>
>>That would be our choice as well.  So how would this work?  Samba would 
>>not use its built-in database, but would use FDS?  And use LDAP as the 
>>interface?  
>>    
>>
>
>Yes.  Indeed at a very conceptual level it would be much as Samba3 can
>use FDS now.
>
>  
>
>>I think you mentioned something about ldb - is that an "ldap 
>>backend"?  
>>    
>>
>
>ldb is two things:  It is a tdb-based flat-file database with ldap
>properties, and it is a LDAP client implementation behind the same
>interface.  As such, we can in theory direct any database to be backed
>either by LDAP (with some very large assumptions about the layout of the
>ldap server, and it's behaviour) or the flat file.
>
>The work to be done here is to define those assumptions, and determine
>which side of the LDAP socket should modify the queries to make the
>other side's job easier.
>  
>
Based upon your and Pete's recent emails, it seems that the schema/DIT 
translation would have to be done on the Samba side.  That is, it 
doesn't sound like an LDAPv3 compliant server would be able to handle 
the "raw" LDAP from a Windows client.  Perhaps as an ldb "plug-in"?  
That is, Samba would have to map the outgoing (to FDS or other ldap 
server) attributes/objectclasses to the more standard LDAP IETF ones.  
Is this something you guys already have, or does ldb already do this?  
Is this some code you would like some assistance with?

>  
>
>>One thing to keep in mind is that we do not yet have support 
>>for ldapi, but I don't think it would be hard to add.
>>    
>>
>
>Actually, neither does Samba4 (we switched from openldap client libs to
>our own, so lost that as well).  It would be very worthwhile adding to
>both.
>
>Andrew Bartlett
>
>  
>
>------------------------------------------------------------------------
>
>--
>Fedora-directory-devel mailing list
>Fedora-directory-devel at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-devel
>  
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20051109/40b43fe2/attachment.bin>

More information about the Fedora-directory-devel mailing list