Date: Wed, 23 Aug 2006 11:11:17 +1000 From: Andrew Bartlett <abartlet samba org>Yeah, at the moment I'm looking at DS as a replicating (transactional?)LDAP-speaking backend, which clients will never talk to. All clientswill use the Samba lens (as you so very well put it).Currently, the lens (written for OpenLDAP) maps entryUUID <-> objectClass, canoncalises objectSid and objectCategory and maps some timestamps.
I think you meant entryUUID <-> objectGUID. We've done some mapping to allow OpenLDAP to replicate to AD; it's quite convoluted. There are a variety of attributes that AD doesn't allow us to write (like objectGUID) so we retrieve them instead, and stuff them into the OpenLDAP side.
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc OpenLDAP Core Team http://www.openldap.org/project/