Date: Tue, 22 Aug 2006 17:54:05 -0700 From: Pete Rowley <prowley redhat com> Andrew Bartlett wrote: On Tue, 2006-08-22 at 15:35 -0700, Pete Rowley wrote:Ultimately, if you need to make a clone of AD in order to satisfy Windows clients, you are going to have to break the existing LDAP standards the same way Microsoft did. You pretty much need bug-for-bug compatibility, otherwise some random MS app will come along later and break. This means doing such ugly things as requiring "cn" to be single- valued, etc. etc. Consider that Microsoft redefines the "top" objectclass to contain a plethora of attributes; it all goes downhill from there. Andrew, I certainly don't envy you the job ahead of you. Eventually, when you finish your work, you'll have another server that is just as broken and non-compliant as Microsoft's. I don't see you having a lot of choice in the matter, you just have to do what you have to do. The MS schema just doesn't coexist with real LDAP...The problem is the list of broken things is open ended. Perhaps we should drill down on a specific example (like the "person" objectclass and associated attributes) and look at what is different. At least that will make sure we are all talking about the same thing and the folks on the list might have more targetted suggestions.>>Why not deal with the specific problems that arise when /adding/ the AD >>schema? I'm guessing that would be a shorter list?> >Because the AD schema is a whole schema, not just some extra >attributes/objectClasses, I need to be able to replace 'person', and>many other classes that Microsoft has modified. >>Once I start replacing classes, I need to know the list of 'if I replace >this, bad things happen'.Though, I thought the plan was to make the DS look like AD through Sambas lens? Are we just talking about an interim development situation until you add the "lens"? If so, I say break what you like. Otherwise I would have big concerns about integration with existing DS deployments.
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/