[Fedora-directory-devel] Fedora Directory and Samba4

Andrew Bartlett abartlet at samba.org
Thu Nov 10 01:59:30 UTC 2005 

On Wed, 2005-11-09 at 18:21 -0700, Richard Megginson wrote:
> Andrew Bartlett wrote:
> 
> >On Tue, 2005-11-08 at 19:33 -0700, Richard Megginson wrote:
> >  
> >

> >>I think you mentioned something about ldb - is that an "ldap 
> >>backend"?  
> >>    
> >>
> >
> >ldb is two things:  It is a tdb-based flat-file database with ldap
> >properties, and it is a LDAP client implementation behind the same
> >interface.  As such, we can in theory direct any database to be backed
> >either by LDAP (with some very large assumptions about the layout of the
> >ldap server, and it's behaviour) or the flat file.
> >
> >The work to be done here is to define those assumptions, and determine
> >which side of the LDAP socket should modify the queries to make the
> >other side's job easier.
> >  
> >
> Based upon your and Pete's recent emails, it seems that the schema/DIT 
> translation would have to be done on the Samba side.  

Most of it, certainly.  I expect that the eventual solution will be a
bit of both, because some things will need to be in the data store, and
other things will just be too expensive to handle on Samba's side.  But
basically, that is correct.

The main issue is in transactions for the write operations:  Do you have
transactions?  A number of the operations we do imply changes across
multiple records, so if Samba was to handle it, it would need to have a
transaction.  If FDS was to handle it, we would need to write a module
there.

> That is, it 
> doesn't sound like an LDAPv3 compliant server would be able to handle 
> the "raw" LDAP from a Windows client.  Perhaps as an ldb "plug-in"?  
> That is, Samba would have to map the outgoing (to FDS or other ldap 
> server) attributes/objectclasses to the more standard LDAP IETF ones.  

Exactly.

> Is this something you guys already have, or does ldb already do this?  
> Is this some code you would like some assistance with?

ldb has a good modules layer, for doing exactly this.  We of course need
help in the implementation of modules, and in everything else (we are a
very small team on Samba4, and could certainly do with assistance from
those with more of an LDAP background).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20051110/15bc2d73/attachment.sig>

More information about the Fedora-directory-devel mailing list