> -----Original Message-----
> From: fedora-directory-devel-bounces@xxxxxxxxxx
> [mailto:fedora-directory-devel-bounces@xxxxxxxxxx] On Behalf
> Of Chen Shaopeng
> Sent: Wednesday, November 09, 2005 4:22 PM
> To: Fedora Directory server developer discussion.
> Subject: Re: [Fedora-directory-devel] Fedora Directory and Samba4
>
> So, if I understand this well, for a fully integrated
> solution, you are going to have 2 LDAP servers, one is the
> internal built-in LDAP server for storing Windows client
> stuff, and a second LDAP server (FDS in this case), for everything.

Actually I read that to mean they have a simple LDAP db implementation which can also act as a proxy onto another LDAP server _instead_ of storing things locally. Much like FDS can be made to proxy onto another LDAP server.

> If that's the case, why can't you come up with a schema (that
> can be added into any standard LDAP server) that will satisfy
> all Windows client needs, and put everything into FDS?

That would work perfectly if Active Directory acted like a perfect LDAP server. Unfortunately there are so many quirks and oddities* that I imagine the Samba team feel they need to support because AD clients will expect them to. I am not privy to how closely the Samba team want to mimic AD, but even for some of the simpler things the question is: is it better to put it in the LDAP server where certain efficiencies can be obtained but limit your ability to server hop, or do you try to make any LDAP server look like AD from the proxy client side and pay the additional performance costs? Or perhaps there is middle ground. I suspect it is this that Andrew wishes to explore.

*a simple example: most LDAP servers will index the objectclass attribute by default to enable fast searching, AD however does not index objectclass, and further supplies a proprietary attribute (objectcategory) that performs exactly the same function as objectclass (in its entry class distinguishing capacity**), but works slightly differently (i.e. has weird matching rules) and _is_ indexed by default. If you are targeting AD for your client application which would you choose to use? Which do you think MS clients use? Syntax and Matching rules plugins could be written for FDS, but they don't exist now and they represent a deployment obstacle.

**the entry class distinguishing capacity of the objectclass attribute is further diminished in AD because according to it, computers are people too.