[Fedora-directory-devel] Samba4 onto Fedora DS

Andrew Bartlett abartlet at samba.org
Wed Aug 23 01:11:17 UTC 2006


On Tue, 2006-08-22 at 17:54 -0700, Pete Rowley wrote:
> Andrew Bartlett wrote:
> 
> On Tue, 2006-08-22 at 15:35 -0700, Pete Rowley wrote:
> 
> >>Why not deal with the specific problems that arise when /adding/ the AD
> >>schema? I'm guessing that would be a shorter list?
> >
> >Because the AD schema is a whole schema, not just some extra
> >attributes/objectClasses, I need to be able to replace 'person', and
> >many other classes that Microsoft has modified.  
> >
> >Once I start replacing classes, I need to know the list of 'if I replace
> >this, bad things happen'.
> >
> The problem is the list of broken things is open ended. Perhaps we 
> should drill down on a specific example (like the "person" objectclass 
> and associated attributes) and look at what is different. At least that 
> will make sure we are all talking about the same thing and the folks on 
> the list might have more targeted suggestions.
> 
> Though, I thought the plan was to make the DS look like AD through 
> Samba's lens?  Are we just talking about an interim development situation 
> until you add the "lens"? If so, I say break what you like. Otherwise I 
> would have big concerns about integration with existing DS deployments.

Yeah, at the moment I'm looking at DS as a replicating (transactional?)
LDAP-speaking backend, which clients will never talk to.  All clients
will use the Samba lens (as you so very well put it).  

Currently, the lens (written for OpenLDAP) maps entryUUID <->
objectClass, canonicalises objectSid and objectCategory and maps some
timestamps.

Once I get that working, I'll start ramping up the lens power:  the
obvious next step is to map attributes to the same attributes used in
the winSync plugin.  

Integration with existing DS deployments is a very, very long way off,
but is clearly the holy grail.  I want to start by getting the parts to
talk together at all :-)

I suspect I'll just need to figure out what I can remove/must keep by
trial and error.  The problem with this is any attributes in the class
of 'used by the directory, but it will still start up and appear to
operate', which was part of the reason for my initial enquiry. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com