> I'm trying to pick up the ball again on the OpenLDAP and Fedora DS > backends, and hopefully to bring them back up to speed as a working and > respectable solution. > > LDB will always be the Samba Team's primary backend for Samba4. This is > particularly the case as there seems no reasonable prospect that we will > do DRS replication against the OpenLDAP or FedoraDS backeed. (This > simplifies the requirements dramatically). > > However, we do need them to work, as far as practical, for the rest of > Samba4's DC functionality. The things I need soon from the backends > are: > > - a replacement for the Samba4 rdn_name module. For OpenLDAP I have > tried out ITS#6055 but it fails, sadly. > http://www.openldap.org/its/index.cgi/Development?id=6055;selectid=6055 I've just sent you a fix <http://www.aero.polimi.it/masarati/Download/pierangelo-masarati-2010-03-30-rdnval.2.c> (OpenLDAP's ftp says "disk full"). We also need to discuss a rationalization of Samba 4 support, as I wonder whether piling up overlays that are specifically meant for one setup is the good choice, or we'd better integrate them in a (few) single module(s). p. > I don't know of any comparable effort in Fedora DS. > > - A RID allocation tool. Fedora DS has the 'distributed numeric > assignment' plugin, and I'm sure it will be no challenge for OpenLDAP to > match it. Safely adding new users to an OpenLDAP backend really does > need a safe way to allocate RID values. > > - A way to invoke slpad -Ttest -f <config file> -F <config dir> without > issuing errors because of the missing databases > > - Transaction support. While most of the transaction-aware tasks in > Samba have now been either pushed off as 'too hard on LDAP' or into > modules that are now in the LDAP backend, we still do need transactions > over LDAP. > > - A way to easily detect that we have OpenLDAP or Fedora DS installed > on the system, and what it's version is. Once we have that, we could > start trying to run at least some of Samba4's tests against such a > backend regularly (and stop breaking it so often). > > - Some help debugging the existing 'make test' failures! > > To address a broader range of use cases, I'm looking forward to the work > Endi has promised for a 'ldap backend config file' as input to > provision. Hopefully this will reduce the options we have to present to > users on the provision command line. > > (Apologies in advance for the cross-post to multiple member-only lists, > but I just wanted to get everyone on the same page). > > Thanks, > > Andrew Bartlett > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Cisco Inc. > > -- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-devel
