Andrew Bartlett wrote:
(please forgive the cross-posting to subscriber-only lists)
Howard Chu helpfully wrote up this summary of the meeting we held at the CIFS Workshop on how Samba4 should work with an LDAP backend.
The background is that Samba4 increasingly needs some things that an LDAP server could provide for us. In the short term, we need to add subtree renames to ldb_tdb, but OpenLDAP's hdb already provides this for us.
Likewise, we have a desperate need for replication (because any site in need of Samba4's features will want multiple DCs) - and Fedora DS's replication seems like a very good, solid answer. (Sadly it doesn't give us subtree renames...).
Multimaster replication is also in OpenLDAP 2.4 (which is currently still in beta - we're still shaking it down, more testers would probably be helpful at some point).
Another feature: we don't yet do schema validation in Samba4, beyond checking that the objectClass list is valid. We need to extend that, but perhaps the LDAP server could do that validation for us?
Right, since LDAP doesn't really depend on schema-aware clients this is the LDAP server's responsibility. (As opposed to X.500, where every agent in the system must be fully schema aware.)