On Thu, 2005-11-10 at 08:22 +0800, Chen Shaopeng wrote:
> Andrew Bartlett wrote:
> > On Wed, 2005-11-09 at 21:22 -0200, Andreas Hasenack wrote:
> >
> >>On Tuesday 08 November 2005 08:34, Andrew Bartlett wrote:
> >>
> >>>>3) Configure Samba4 to use FDS as its database
> >>>
> >>>This is where I want to go. I hate 'sync' systems with a passion, so I
> >>
> >>You have lost me here. Why do you want FDS as your database and not, say,
> >>openldap? And what happened to the internal ldap server in samba4?
> >
> >
> > So, Samba4's LDAP server is what will need to be seen by windows
> > clients, as they have very, very specific requirements, not met by any
> > existing free solutions.
> >
> > However, Samba has the need for backend storage of its data, and this
> > can either be in a local flat file, or in *another* LDAP server. My
> > hope is that this would allow Samba to be a front-end to a larger
> > organisational directory, which is where I see FDS fitting in.
> >
> > (I've not discussed OpenLDAP in this context yet, but no doubt I will
> > have similar discussions with interested people on that team at some
> > point).
> >
>
> So, if I understand this well, for a fully integrated solution, you are
> going to have 2 LDAP servers, one is the internal built-in LDAP server
> for storing Windows client stuff, and a second LDAP server (FDS in this
> case), for everything.

I'm not really talking about storage (but no doubt some data will be
stored in samba-specific databases). A better expression would be
'filter for windows client stuff'.

In an all-windows environment, only Samba would receive LDAP traffic,
and pass it on to FDS in some form. In a mixed environment, both would
listen (on different IPs naturally) and would give differently formatted
answers to similar questions, to suit each respective client.

> If that's the case, why can't you come up with a schema (that can be
> added into any standard LDAP server) that will satisfy all Windows
> client needs, and put everything into FDS?

Sure, and we know it is possible to build such a schema, and all the
plugins (XAD has done so on OpenLDAP). But I wonder what would be the
point. Why not just run windows, or Samba4 without a backend? Or the
current messy sync scripts with real AD?

Unfortunately, I understand the schema windows uses is directly
incompatible with IETF standards (they modified top) and the required
plugins are fairly extensive.

I expect that those who have chosen FDS (or indeed any other backend)
would have done so because they like to control their directories. I
want Samba4 to enable that.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net