samba-technical@lists.samba.org

Re: Samba4 LDAP Integration

Subject: Re: Samba4 LDAP Integration
From: "Stefan (metze) Metzmacher"
Date: Fri, 29 Oct 2004 21:46:52 +0200
Gémes Géza wrote:
No, the real point is not to have to move from OpenLDAP based Posix+Samba+other attributes to Samba4's LDAP server based Samba attributes+Something else (e.g. flat files :-( ). Instead IMHO a Samba4 LDAP server based central storage would be the best solution to this.

These are my current plans for the samba4 LDAP server:

- use the same authentication schema as the MS ADS server.
  that means ACLs are ntSecurityDescriptors.

- implement the directory partition so that replication per partition
  is possible.

- it'll use the DRSUAPI multimaster replication,
  so it will be possible to have samba4 and w2k(3) DCs together.

- export the LDAP server on ports: 389 (plain) and 636 (ssl)
- export the Global Catalog via LDAP on port 3268 (plain) and 3269 (ssl)

- use the schema partition for managing the schema (like w2k3 does)

- finally make the use of the MS admin tools possible

- maybe implement the LDAP syncrepl controls to do pull replication with
  OpenLDAP servers (but maybe only for the samba4:provider
  openldap:consumer case)

- the server will be able to support plugins for the 'ldapsrv_partition'
  interface so that different implementations for specific directory
  partitions are possible.


For backward compat with old samba3+openldap installations: I think
1.)- we should think about a samba3-like design:
     a samr dcerpc server pipe which stores the data in the openldap server.
     (and don't activate the samba4 LDAP server in this case)
   - and if needed use a directory partition plugin to act as proxy to the
     openldap server
2.)- or use a ldb plugin for the proxying and mapping of the attributes.


--
metze

Stefan Metzmacher <metze at samba.org> www.samba.org
