Date: Wed, 23 Aug 2006 11:11:17 +1000
From: Andrew Bartlett <abartlet@xxxxxxxxx>
Yeah, at the moment I'm looking at DS as a replicating (transactional?)
LDAP-speaking backend, which clients will never talk to. All clients
will use the Samba lens (as you so very well put it).
Currently, the lens (written for OpenLDAP) maps entryUUID <->
objectClass, canoncalises objectSid and objectCategory and maps some
timestamps.
I think you meant entryUUID <-> objectGUID. We've done some mapping to
allow OpenLDAP to replicate to AD; it's quite convoluted. There are a
variety of attributes that AD doesn't allow us to write (like
objectGUID) so we retrieve them instead, and stuff them into the
OpenLDAP side.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
