On Tue, 2008-06-17 at 18:10 +0200, Oliver Liebel wrote:
> >> I'm still confused by how your KDC ideas fit into this (if you simply
> > mysql-backend of OpenLDAP allows storing/fetching LDAP data to/from
> > MySQL database. It allows arbitrary database schema, and uses a
> > mapping to link LDAP schema field with database tables. It isn't
> > working with dynamic schema changes, but should be just fine for a
> > static schema, that Samba4 uses. I am going to extend Samba4 schema
> > with additional data that may come in handy to the users. To actually
> > achieve that, I need to be able to connect to the OpenLDAP directly,
> > which is currently not working with Samba4, because the OpenLDAP acts
> > as backend to Samba4, and Samba occupies LDAP designated ports.
> you can connect directly via -h ldapi://<path to socket> or just use
> another port, e.g.: -h ldap://<ip/fqhn>:9000/
Indeed, and this is how the LDAP backend works now (over LDAPI). You
could also have it listen on an IP alias.
> > I am not close to having enough knowledge about Samba4 internals,
> > to begin patching it, ldb and Heimdal kadmin. And Samba3 netlogon
> > patch taught me to ask before I begin doing anything this big :-)
> > So I am trying to figure out whether (1) my idea is doable, (2) the
> > project needs it. I also understand that the time is scarce for
> > everyone, do not insist that my questions are answered, and really
> > appreciate all the answers.
> > Thanks for your time, Andrew. Cheers,
I think it is do-able, and using the existing infrastructure. I don't
see a need for drastic modifications like you propose. Just make the
existing, working (I'm told I have to fix a few things, but that will be
resolved shortly) OpenLDAP backend use your custom MySQL schema.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.