[Fedora-directory-devel] Fedora Directory and Samba4

Andrew Bartlett abartlet at samba.org
Thu Nov 10 01:14:08 UTC 2005


On Thu, 2005-11-10 at 08:22 +0800, Chen Shaopeng wrote:
> Andrew Bartlett wrote:
> > On Wed, 2005-11-09 at 21:22 -0200, Andreas Hasenack wrote:
> > 
> >>On Tuesday 08 November 2005 08:34, Andrew Bartlett wrote:
> >>
> >>>>3) Configure Samba4 to use FDS as its database
> >>>
> >>>This is where I want to go.  I hate 'sync' systems with a passion, so I
> >>
> >>You have lost me here. Why do you want FDS as your database and not, say, 
> >>openldap? And what happened to the internal ldap server in samba4?
> > 
> > 
> > So, Samba4's LDAP server is what will need to be seen by windows
> > clients, as they have very, very specific requirements, not met by any
> > existing free solutions.  
> >
> > However, Samba has the need for backend storage of its data, and this
> > can either be in a local flat file, or in *another* LDAP server.  My
> > hope is that this would allow Samba to be a front-end to a larger
> > organisational directory, which is where I see FDS fitting in.
> > 
> > (I've not discussed OpenLDAP in this context yet, but no doubt I will
> > have similar discussions with interested people on that team at some
> > point).
> > 
> 
> So, if I understand this well, for a fully integrated solution, you are
> going to have 2 LDAP servers, one is the internal built-in LDAP server
> for storing Windows client stuff, and a second LDAP server (FDS in this
> case), for everything.

I'm not really talking about storage (but no doubt some data will be
stored in samba-specific databases).  A better expression would be
'filter for windows client stuff'.  In an all-windows environment, only
Samba would receive LDAP traffic, and pass it on to FDS in some form.
In a mixed environment, both would listen (on different IPs naturally)
and would give differently formatted answers to similar questions, to
suit each respective client.

> If that's the case, why can't you come up with a schema (that can be
> added into any standard LDAP server) that will satisfy all Windows
> client needs, and put everything into FDS?

Sure, and we know it is possible to build such a schema, and all the
plugins (XAD has done so on OpenLDAP).  But I wonder what would be the
point.  Why not just run windows, or Samba4 without a backend?  Or the
current messy sync scripts with real AD?

Unfortunately, I understand the schema windows uses is directly
incompatible with IETF standards (they modified top) and the required
plugins are fairly extensive.  

I expect that those who have chosen FDS (or indeed any other backend)
would have done so because they like to control their directories.  I
want Samba4 to enable that.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net