[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [Fwd: LDAP/Samba 4 summary]

To: Quanah Gibson-Mount <quanah@zimbra.com>
Subject: Re: [Fwd: LDAP/Samba 4 summary]
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 02 Oct 2007 11:12:15 -0700
Cc: Howard Chu <hyc@symas.com>, OpenLDAP-devel@openldap.org
In-reply-to: <A680540E9B524C7137F3103B@deus-ex.zimbra.com>
References: <46FD3CFE.3050008@symas.com> <A680540E9B524C7137F3103B@deus-ex.zimbra.com>

On Fri, 2007-09-28 at 11:16 -0700, Quanah Gibson-Mount wrote:
> 
> --On September 28, 2007 10:42:22 AM -0700 Howard Chu <hyc@symas.com> wrote:
> 
> > Yesterday afternoon at the CIFS Workshop we had a meeting to discuss
> > Samba 4's use of LDAP going forward, and what obstacles remained. Among
> > the attendees that I can remember were Andrew Bartlett, Andrew Tridgell,
> > Simo Sorce, Stefan Metzmacher, and (one more, I've forgotten the name)
> > from the Samba team. Nicole Jacque and another (sorry, don't remember the
> > name) from Apple/OpenDirectory, Pete Rowley from FedoraDS, and myself and
> > Marty Heyman for OpenLDAP and Symas.
> >
> > The upshot is that both the Samba and the LDAP sides have work to do, but
> > there are no major roadblocks. LDAP will be Samba 4's default/recommended
> > data store. As for OpenLDAP, most of what Samba 4 needs is either already
> > implemented, or in progress.
> >
> > Schema design tends to still be a stumbling block; in a separate
> > conversation we discussed some design issues in MIT's new Kerberos schema
> > as well as missing features in Heimdal's existing Kerberos schema. That's
> > a bit outside this openldap-devel scope but I've committed to working
> > with the Samba and Kerberos communities to draft some changes to unify
> > these two Kerberos schemas.
> 
> Does that mean you are joining the IETF Kerberos WG, which currently has 
> creating a Kerberos Schema for LDAP as one of its agenda items?  I forget 
> who volunteered to write it, but I can go and look it up if you can't find 
> it in the archives.

The Kerberos part is probably the least of the problems - for the short
term goals I'm interested in, I wasn't going to try and munge/demunge
microsoft's supplimentalCredentials blob on the fly, so it won't really
be compatible.  I'm more interested in the things that can be simply
translated/renamed etc, and the resulting schema mess.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

Attachment: signature.asc
Description: This is a digitally signed message part

Next by Date: LDAP/Samba 4 summary
Index(es):
- Chronological
- Thread