10:42 a.m.
Yesterday afternoon at the CIFS Workshop we had a meeting to discuss Samba 4's use
of LDAP going forward, and what obstacles remained. Among the attendees that I can
remember were Andrew Bartlett, Andrew Tridgell, Simo Sorce, Stefan Metzmacher, and
(one more, I've forgotten the name) from the Samba team. Nicole Jacque and another
(sorry, don't remember the name) from Apple/OpenDirectory, Pete Rowley from
FedoraDS, and myself and Marty Heyman for OpenLDAP and Symas.
The upshot is that both the Samba and the LDAP sides have work to do, but there
are no major roadblocks. LDAP will be Samba 4's default/recommended data store. As
for OpenLDAP, most of what Samba 4 needs is either already implemented, or in
progress.
Schema design tends to still be a stumbling block; in a separate conversation we
discussed some design issues in MIT's new Kerberos schema as well as missing
features in Heimdal's existing Kerberos schema. That's a bit outside this
openldap-devel scope but I've committed to working with the Samba and Kerberos
communities to draft some changes to unify these two Kerberos schemas.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
11:16 a.m.
--On September 28, 2007 10:42:22 AM -0700 Howard Chu <hyc(a)symas.com> wrote:
Yesterday afternoon at the CIFS Workshop we had a meeting to discuss
Samba 4's use of LDAP going forward, and what obstacles remained. Among
the attendees that I can remember were Andrew Bartlett, Andrew Tridgell,
Simo Sorce, Stefan Metzmacher, and (one more, I've forgotten the name)
from the Samba team. Nicole Jacque and another (sorry, don't remember the
name) from Apple/OpenDirectory, Pete Rowley from FedoraDS, and myself and
Marty Heyman for OpenLDAP and Symas.
The upshot is that both the Samba and the LDAP sides have work to do, but
there are no major roadblocks. LDAP will be Samba 4's default/recommended
data store. As for OpenLDAP, most of what Samba 4 needs is either already
implemented, or in progress.
Schema design tends to still be a stumbling block; in a separate
conversation we discussed some design issues in MIT's new Kerberos schema
as well as missing features in Heimdal's existing Kerberos schema. That's
a bit outside this openldap-devel scope but I've committed to working
with the Samba and Kerberos communities to draft some changes to unify
these two Kerberos schemas.
Does that mean you are joining the IETF Kerberos WG, which currently has
creating a Kerberos Schema for LDAP as one of its agenda items? I forget
who volunteered to write it, but I can go and look it up if you can't find
it in the archives.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
11:12 a.m.
On Fri, 2007-09-28 at 11:16 -0700, Quanah Gibson-Mount wrote:
--On September 28, 2007 10:42:22 AM -0700 Howard Chu <hyc(a)symas.com> wrote:
> Yesterday afternoon at the CIFS Workshop we had a meeting to discuss
> Samba 4's use of LDAP going forward, and what obstacles remained. Among
> the attendees that I can remember were Andrew Bartlett, Andrew Tridgell,
> Simo Sorce, Stefan Metzmacher, and (one more, I've forgotten the name)
> from the Samba team. Nicole Jacque and another (sorry, don't remember the
> name) from Apple/OpenDirectory, Pete Rowley from FedoraDS, and myself and
> Marty Heyman for OpenLDAP and Symas.
>
> The upshot is that both the Samba and the LDAP sides have work to do, but
> there are no major roadblocks. LDAP will be Samba 4's default/recommended
> data store. As for OpenLDAP, most of what Samba 4 needs is either already
> implemented, or in progress.
>
> Schema design tends to still be a stumbling block; in a separate
> conversation we discussed some design issues in MIT's new Kerberos schema
> as well as missing features in Heimdal's existing Kerberos schema. That's
> a bit outside this openldap-devel scope but I've committed to working
> with the Samba and Kerberos communities to draft some changes to unify
> these two Kerberos schemas.
Does that mean you are joining the IETF Kerberos WG, which currently has
creating a Kerberos Schema for LDAP as one of its agenda items? I forget
who volunteered to write it, but I can go and look it up if you can't find
it in the archives.
The Kerberos part is probably the least of the problems - for the short
term goals I'm interested in, I wasn't going to try and munge/demunge
microsoft's supplimentalCredentials blob on the fly, so it won't really
be compatible. I'm more interested in the things that can be simply
translated/renamed etc, and the resulting schema mess.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
5731
days inactive
5735
days old
2 comments
3 participants
participants (3)
-
Andrew Bartlett -
Howard Chu -
Quanah Gibson-Mount