On Wed, 2005-11-09 at 18:21 -0700, Richard Megginson wrote: > Andrew Bartlett wrote: > > >On Tue, 2005-11-08 at 19:33 -0700, Richard Megginson wrote: > > > > > >>I think you mentioned something about ldb - is that an "ldap > >>backend"? > >> > >> > > > >ldb is two things: It is a tdb-based flat-file database with ldap > >properties, and it is a LDAP client implementation behind the same > >interface. As such, we can in theory direct any database to be backed > >either by LDAP (with some very large assumptions about the layout of the > >ldap server, and it's behaviour) or the flat file. > > > >The work to be done here is to define those assumptions, and determine > >which side of the LDAP socket should modify the queries to make the > >other side's job easier. > > > > > Based upon your and Pete's recent emails, it seems that the schema/DIT > translation would have to be done on the Samba side. Most of it, certainly. I expect that the eventual solution will be a bit of both, because some things will need to be in the data store, and other things will just be too expensive to handle on Samba's side. But basically, that is correct. The main issue is in transactions for the write operations: Do you have transactions? A number of the operations we do imply changes across multiple records, so if Samba was to handle it, it would need to have a transaction. If FDS was to handle it, we would need to write a module there. > That is, it > doesn't sound like an LDAPv3 compliant server would be able to handle > the "raw" LDAP from a Windows client. Perhaps as an ldb "plug-in"? > That is, Samba would have to map the outgoing (to FDS or other ldap > server) attributes/objectclasses to the more standard LDAP IETF ones. Exactly. > Is this something you guys already have, or does ldb already do this? > Is this some code you would like some assistance with? ldb has a good modules layer, for doing exactly this. We of course need help in the implementation of modules, and in everything else (we are a very small team on Samba4, and could certainly do with assistance from those with more of an LDAP background). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
Attachment:
signature.asc
Description: This is a digitally signed message part
