On Fri, 2007-09-28 at 11:16 -0700, Quanah Gibson-Mount wrote:
> --On September 28, 2007 10:42:22 AM -0700 Howard Chu <hyc(a)symas.com> wrote:
> > Yesterday afternoon at the CIFS Workshop we had a meeting to discuss
> > Samba 4's use of LDAP going forward, and what obstacles remained. Among
> > the attendees that I can remember were Andrew Bartlett, Andrew Tridgell,
> > Simo Sorce, Stefan Metzmacher, and (one more, I've forgotten the name)
> > from the Samba team. Nicole Jacque and another (sorry, don't remember the
> > name) from Apple/OpenDirectory, Pete Rowley from FedoraDS, and myself and
> > Marty Heyman for OpenLDAP and Symas.
> >
> > The upshot is that both the Samba and the LDAP sides have work to do, but
> > there are no major roadblocks. LDAP will be Samba 4's default/recommended
> > data store. As for OpenLDAP, most of what Samba 4 needs is either already
> > implemented, or in progress.
> >
> > Schema design tends to still be a stumbling block; in a separate
> > conversation we discussed some design issues in MIT's new Kerberos schema
> > as well as missing features in Heimdal's existing Kerberos schema. That's
> > a bit outside this openldap-devel scope but I've committed to working
> > with the Samba and Kerberos communities to draft some changes to unify
> > these two Kerberos schemas.
>
> Does that mean you are joining the IETF Kerberos WG, which currently has
> creating a Kerberos Schema for LDAP as one of its agenda items? I forget
> who volunteered to write it, but I can go and look it up if you can't find
> it in the archives.

The Kerberos part is probably the least of the problems - for the short
term goals I'm interested in, I wasn't going to try and munge/demunge
Microsoft's supplementalCredentials blob on the fly, so it won't really
be compatible. I'm more interested in the things that can be simply
translated/renamed etc, and the resulting schema mess.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com