[Samba] samba4 + OpenLDAP
Hey All, I am trying to setup a samba4 environment with OpenLDAP backend on a Debian 5 server by using the following howto: http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP Everything goes well but when I come at the point of provisioning I get the following output and the provisioning stops. Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi' Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=test,DC=local pdc_fsmo_init: no domain object present: (skip loading of domain details) Adding configuration container naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details) Setting up sam.ldb schema Reopening sam.ldb with new schema naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details) naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details) Setting up sam.ldb configuration data Setting up display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up sam.ldb users and groups Setting up self join Setting up sam.ldb rootDSE marking as synchronized rndc: 'freeze' failed: not found rndc: 'unfreeze' failed: not found See /usr/local/samba/private/named.conf for an example configuration include file for BIND and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf Traceback (most recent call last): File "setup/provision", line 253, in useeadb=eadb, next_rid=opts.next_rid) File "bin/python/samba/provision.py", line 1561, in provision provision_backend.post_setup() File "bin/python/samba/provisionbackend.py", line 86, in post_setup raise NotImplementedError(self.post_setup) NotImplementedError: > The command i use to provision is: setup/provision --realm=TEST.LOCAL --domain=TEST --server-role='domain controller' --ldap-backend-type=openldap --adminpass='AbCd123' --slapd-path="/usr/local/libexec/slapd" Can someone tell me what is going wrong? Regards Maarten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 + OpenLDAP + Dovecot
Hello Samba list. I have a question which I am unable to find the answer in the world wide web. My current setup I wish to upgrade is as follows: OpenLDAP with user acount information (names, passwords, etc.) against which Linux and Windows clients do authenticate. Cyrus with its own user account information (emails, aliases, passwords, etc.). I want to accomplish a setup which gives me to possibility to store all user data in one backend and let all clients authenticate against. So my question now is. Is it possible to setup a samba4 domain controller with openLDAP backend and extend the user data so that I can use kerberos authentication for my windows and linux (ubuntu and debian) clients and let dovecot get its authentication information from the same ldap directory. Also I would like to know if I have to store the userpassword in more than on ldap field (one for kerberos and one for dovecot). If so, how can I keep this two passwords in sync ? I am grateful for any hint. Thanks in advance. Markus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 + openldap: provisioning isnt working
Hi all, I'm experiencing the same problems as this post. the problem is with the slapd.d config files, samba suppose to generate. they aren't there.. and that's why the ldapi won't start up. and that's why the provision fails... i did find a slapd.conf file at the same location, but running slaptest to convert it failed... (overlay deref not found) any tips or suggestions how to proceed ?! Greetz, collen Wiki seems to be out of date here. The wiki reference's [1] [2] a "setup/provision-backend" script, as well as a "setup/provision" script, yet current git only has a setup/provision executable. Some #samba and #openldap IRC advice was that provision-backend wasnt needed anymore, but based off the errors i'm seeing, there's definitely _something_ missing, I just dont know if that something ( /usr/local/samba4/private/ldap/slapd.d/ files ) ought to be provided by the missing setup/provision-backend. [1] http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP [2] http://wiki.samba.org/index.php/Samba4/HOWTO/Ubuntu_Server_9.04 Following IRC advice, I attempted to just use the setup/provision script. It didnt work. I added a "[running]" print to provisionbackend.py, to see what it was running, so I could attempt to run slapd as it was running it, with debugging enabled. Heres the result: rekt...@deneb:~/archives/samba/source4$ setup/provision --realm=ELDERGODS.COM --ldap-backend-type=openldap --server-role=dc --domain=ELDERGODS --slapd-path='/usr/sbin/slapd' [running] '/usr/sbin/slapd' '-F/usr/local/samba4/private/ldap/slapd.d' '-h' 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Traceback (most recent call last): File "setup/provision", line 213, in nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode) File "bin/python/samba/provision.py", line 1257, in provision provision_backend.start() File "bin/python/samba/provisionbackend.py", line 252, in start raise ProvisioningError("slapd died before we could make a connection to it") -- snip connections_destroy: nothing to destroy. The /usr/local/samba4/private/ldap/slapd.d/ directory is completely empty. I'm not sure what is supposed to populate this, but as can be seen from the above debug logs, the slapd kicked off by setup/provision is definitely expecting there to be contents. This could very well be a result of the missing-in-action setup/provision-backend script. I'll be happy to do some wiki updating if I can get this issue resolved: the OpenLDAP wiki entry's last major work was the Ides of June 2008. Regards, rektide -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 + openldap: provisioning isnt working
try a 'ps -A | grep slap' to see if your ldap server is up and running... rektide wrote: Wiki seems to be out of date here. The wiki reference's [1] [2] a "setup/provision-backend" script, as well as a "setup/provision" script, yet current git only has a setup/provision executable. Some #samba and #openldap IRC advice was that provision-backend wasnt needed anymore, but based off the errors i'm seeing, there's definitely _something_ missing, I just dont know if that something ( /usr/local/samba4/private/ldap/slapd.d/ files ) ought to be provided by the missing setup/provision-backend. [1] http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP [2] http://wiki.samba.org/index.php/Samba4/HOWTO/Ubuntu_Server_9.04 Following IRC advice, I attempted to just use the setup/provision script. It didnt work. I added a "[running]" print to provisionbackend.py, to see what it was running, so I could attempt to run slapd as it was running it, with debugging enabled. Heres the result: rekt...@deneb:~/archives/samba/source4$ setup/provision --realm=ELDERGODS.COM --ldap-backend-type=openldap --server-role=dc --domain=ELDERGODS --slapd-path='/usr/sbin/slapd' [running] '/usr/sbin/slapd' '-F/usr/local/samba4/private/ldap/slapd.d' '-h' 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Traceback (most recent call last): File "setup/provision", line 213, in nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode) File "bin/python/samba/provision.py", line 1257, in provision provision_backend.start() File "bin/python/samba/provisionbackend.py", line 252, in start raise ProvisioningError("slapd died before we could make a connection to it") -- snip connections_destroy: nothing to destroy. The /usr/local/samba4/private/ldap/slapd.d/ directory is completely empty. I'm not sure what is supposed to populate this, but as can be seen from the above debug logs, the slapd kicked off by setup/provision is definitely expecting there to be contents. This could very well be a result of the missing-in-action setup/provision-backend script. I'll be happy to do some wiki updating if I can get this issue resolved: the OpenLDAP wiki entry's last major work was the Ides of June 2008. Regards, rektide -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 + openldap: provisioning isnt working
Wiki seems to be out of date here. The wiki reference's [1] [2] a "setup/provision-backend" script, as well as a "setup/provision" script, yet current git only has a setup/provision executable. Some #samba and #openldap IRC advice was that provision-backend wasnt needed anymore, but based off the errors i'm seeing, there's definitely _something_ missing, I just dont know if that something ( /usr/local/samba4/private/ldap/slapd.d/ files ) ought to be provided by the missing setup/provision-backend. [1] http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP [2] http://wiki.samba.org/index.php/Samba4/HOWTO/Ubuntu_Server_9.04 Following IRC advice, I attempted to just use the setup/provision script. It didnt work. I added a "[running]" print to provisionbackend.py, to see what it was running, so I could attempt to run slapd as it was running it, with debugging enabled. Heres the result: rekt...@deneb:~/archives/samba/source4$ setup/provision --realm=ELDERGODS.COM --ldap-backend-type=openldap --server-role=dc --domain=ELDERGODS --slapd-path='/usr/sbin/slapd' [running] '/usr/sbin/slapd' '-F/usr/local/samba4/private/ldap/slapd.d' '-h' 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Traceback (most recent call last): File "setup/provision", line 213, in nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode) File "bin/python/samba/provision.py", line 1257, in provision provision_backend.start() File "bin/python/samba/provisionbackend.py", line 252, in start raise ProvisioningError("slapd died before we could make a connection to it") NameError: global name 'ProvisioningError' is not defined rekt...@deneb:~/archives/samba/source4$ rekt...@deneb:~/archives/samba/source4$ rekt...@deneb:~/archives/samba/source4$ '/usr/sbin/slapd' '-F/usr/local/samba4/private/ldap/slapd.d' '-h' 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' -d 32767 @(#) $OpenLDAP: slapd 2.4.17 (Nov 10 2009 19:58:41) $ bui...@nautilus:/build/buildd/openldap-2.4.17/debian/build/servers/slapd ldap_pvt_gethostbyname_a: host=deneb, r=0 daemon_init: ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi daemon_init: listen on ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi daemon_init: 1 listeners to open... ldap_url_parse_ext(ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi) daemon: listener initialized ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi daemon_init: 1 listeners opened ldap_create slapd init: initiated server. slap_sasl_init: initialized! backend_startup_one: starting "cn=config" ldif_read_file: no entry file "/usr/local/samba4/private/ldap/slapd.d/cn=config.ldif" send_ldap_result: conn=-1 op=0 p=0 send_ldap_result: err=32 matched="" text="" slapd destroy: freeing system resources. slapd stopped. connections_destroy: nothing to destroy. The /usr/local/samba4/private/ldap/slapd.d/ directory is completely empty. I'm not sure what is supposed to populate this, but as can be seen from the above debug logs, the slapd kicked off by setup/provision is definitely expecting there to be contents. This could very well be a result of the missing-in-action setup/provision-backend script. I'll be happy to do some wiki updating if I can get this issue resolved: the OpenLDAP wiki entry's last major work was the Ides of June 2008. Regards, rektide -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 + openldap: provisioning isnt working
Wiki seems to be out of date here. The wiki reference's [1] [2] a "setup/provision-backend" script, as well as a "setup/provision" script, yet current git only has a setup/provision executable. Some #samba and #openldap IRC advice was that provision-backend wasnt needed anymore, but based off the errors i'm seeing, there's definitely _something_ missing, I just dont know if that something ( /usr/local/samba4/private/ldap/slapd.d/ files ) ought to be provided by the missing setup/provision-backend. [1] http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP [2] http://wiki.samba.org/index.php/Samba4/HOWTO/Ubuntu_Server_9.04 Following IRC advice, I attempted to just use the setup/provision script. It didnt work. I added a "[running]" print to provisionbackend.py, to see what it was running, so I could attempt to run slapd as it was running it, with debugging enabled. Heres the result: rekt...@deneb:~/archives/samba/source4$ setup/provision --realm=ELDERGODS.COM --ldap-backend-type=openldap --server-role=dc --domain=ELDERGODS --slapd-path='/usr/sbin/slapd' [running] '/usr/sbin/slapd' '-F/usr/local/samba4/private/ldap/slapd.d' '-h' 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Failed to bind - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' Traceback (most recent call last): File "setup/provision", line 213, in nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode) File "bin/python/samba/provision.py", line 1257, in provision provision_backend.start() File "bin/python/samba/provisionbackend.py", line 252, in start raise ProvisioningError("slapd died before we could make a connection to it") NameError: global name 'ProvisioningError' is not defined rekt...@deneb:~/archives/samba/source4$ rekt...@deneb:~/archives/samba/source4$ rekt...@deneb:~/archives/samba/source4$ '/usr/sbin/slapd' '-F/usr/local/samba4/private/ldap/slapd.d' '-h' 'ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi' -d 32767 @(#) $OpenLDAP: slapd 2.4.17 (Nov 10 2009 19:58:41) $ bui...@nautilus:/build/buildd/openldap-2.4.17/debian/build/servers/slapd ldap_pvt_gethostbyname_a: host=deneb, r=0 daemon_init: ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi daemon_init: listen on ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi daemon_init: 1 listeners to open... ldap_url_parse_ext(ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi) daemon: listener initialized ldapi://%2Fusr%2Flocal%2Fsamba4%2Fprivate%2Fldap%2Fldapi daemon_init: 1 listeners opened ldap_create slapd init: initiated server. slap_sasl_init: initialized! backend_startup_one: starting "cn=config" ldif_read_file: no entry file "/usr/local/samba4/private/ldap/slapd.d/cn=config.ldif" send_ldap_result: conn=-1 op=0 p=0 send_ldap_result: err=32 matched="" text="" slapd destroy: freeing system resources. slapd stopped. connections_destroy: nothing to destroy. The /usr/local/samba4/private/ldap/slapd.d/ directory is completely empty. I'm not sure what is supposed to populate this, but as can be seen from the above debug logs, the slapd kicked off by setup/provision is definitely expecting there to be contents. This could very well be a result of the missing-in-action setup/provision-backend script. I'll be happy to do some wiki updating if I can get this issue resolved: the OpenLDAP wiki entry's last major work was the Ides of June 2008. Regards, rektide -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 openldap
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Geoff Scott wrote: | Samba 4 as you can see in the docs that are available, | is very limited in features. There is no security yet, | no management tools yet and no printing support yet. | Contemplating whether it can do what you want when | the early alpha release is ages away is just silly. | | I think this thread should be left to die. For what it's worth, the Samba 4 developers have a goal of alpha releases in the time frame of months, not years. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCkytgIR7qMdg1EfYRAt9fAJwOzo626VVllPFO0OwVaGNQKetNMACfZtzn XIv2Qoz40OEJ2pVrAoKw0X4= =ELL+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba4 openldap
Geoff Scott wrote: > Sorry for the cross posting but I think it's important that the > Openexchange guys see this. > > Tony Earnshaw wrote: >> man, 23.05.2005 kl. 17.50 skrev Caleb O'Connell: I just had the opportunity to give John Terpstra a hit a round the head with the "what the hell is going to happen" stick. He responded by slapping me with a "clue-by-four". I've been doing a little bit to help out on the Samba documentation. And I hit the panic button because I didn't want all the effort that I put into building a Samba domain controller, and looking for obvious mistakes in the docs to be wasted. And it won't be. Basically, Tony, you should be given a slap around the head with a "clue-by-four" as well. Here's a small history lesson. If you take into account (as I already knew) that the reason there was a fork in the Samba code a few years ago. Was that one of the team members wanted to do more experimental, and risky from a business users perspective, things with the Samba code. Tridge didn't want this. From what I have read it would appear that the Samba team members take very seriously their duty of care toward the installed Samba user base. They won't do anything to damage the installations that are already there. Samba 3 took years to release. And during all that time samba 2 was actively maintianed to support the users. Samba 4 as you can see in the docs that are available, is very limited in features. There is no security yet, no management tools yet and no printing support yet. Contemplating whether it can do what you want when the early alpha release is ages away is just silly. I think this thread should be left to die. Regards Geoff Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba4 openldap
Sorry for the cross posting but I think it's important that the Openexchange guys see this. Tony Earnshaw wrote: > man, 23.05.2005 kl. 17.50 skrev Caleb O'Connell: > >> Is there a change however you can just choose a different datastore >> in the config file though? so you can choose to use the built in >> ldap or to just use an openLDAP datastore. The ldap scheme I >> imagine would >> stay the same, just the database itself and the ldap program itself >> ldb samba4 is going to be using. I was just curious for obvious >> reasons. > > There won't be a schema any more. During the weekend I googled for > Samba4 docs and subscribed to the tecchie list. What came up was > enough to ensure that I'll keep my mouth shut about Samba4 and LDAP > until they're there. > UH OH. > There will basically probably be a complete LDAP and total database > rethink (keyword is "ldb"). Unless people are *very* familiar with > OpenLDAP's (2.2 and 2.3) meta backend and proxy concepts, unless the > Samba crew is willing to do it all for one, one'd better forget > everything one ever learned about integrating Samba and any present > OpenLDAP DSE. This leaves me very worried as a sysadmin for a small company. I will explain why further down. > So either go out digging for docs to find out what is going to > overwhelm you, or lie back and be prepared to let it do so ;) > I've dug for docs. I found Tridges recent thoughts on Samba4 on the personal section for him on the samba site a couple of weeks ago. To people of the lay class, such as myself, it doesn't explain much about whether there is going to be some sort of ldap schema translation. It's all as abartlett says in recent posts "I hope" "I think" "maybe", which is very worrying. I've read 2/3 Linux journals where JRA has said, IIRC, that one of the key reasons companies don't adopt samba is due to the corporate reliance on MS Exchange. So for years I have been searching for something that will replace it. The 2 projects that come close to completely replacing MS Exchange are opengroupware.org and openexchange. Both of these projects have a reliance on their own LDAP schemas and POSIX account attributes. I personally chose to use openexchange due to the storage of personal & public addressbooks in LDAP. (which naturally allows plenty of other applications to use them, rather than as OGO does putting them in a "proper" db backend, and yes I know that a very competent sysadmin can expose that db through LDAP. After having read Adam Tuano Williams docs on it, I don't want to go there). Now I have hacked the smbldap tools to allow me to vampire over an old windows NT domain with all of the users having openexchange attributes added to them in ldap automatically. I did this last night and basically the implementation looks fine. So in a week I will start to migrate email accounts over and smarthost the system for the old exchange server and users still on that. But, I will only go ahead if there is going to be a way to keep the integration between these 2 projects going. So please can those on this list tell me with any great detail what will happen with Samba4 and LDAP schemas? Either I jettison this implementation and switch to MS 2003 with Exchange, or other projects find a way to integrate with what the Samba team is doing, or the Samba team finds a way to maintain some sort of compatibility with other FOSS projects using openldap. The only reason I ask is that I would still like to have a job in a year or 2. I don't want to go down the samba / openexchange road. And then get sacked / told to move everything back to Microsoft products by my bosses, because the integrated solution that was a very close fit to a windows domain with MS Exchange, doesn't work anymore. Regards Geoff Scott FWIW. Please find below what a typical user ends up with in LDAP for their user account and private address book: dn: uid=gfhoffice,ou=Users,ou=OxObjects,dc=guestsfurniturehire,dc=com,dc=au objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: OXUserObject objectClass: person objectClass: sambaSamAccount cn: gfhoffice sn: gfhoffice uid: gfhoffice uidNumber: 2041 gidNumber: 513 homeDirectory: /home/gfhoffice loginShell: /bin/bash gecos: System User userPassword:: e2NyeXB0fXg= structuralObjectClass: inetOrgPerson entryUUID: 528ef8f0-5fa7-1029-95d2-aae0cf82c0df creatorsName: cn=Manager,ou=Users,ou=OxObjects,dc=guestsfurniturehire,dc=com,d c=au createTimestamp: 20050523072336Z OpenLDAPaci: 1#entry#grant;r,w,s,c;cn,initials,mail,title,ou,l,birthday,description,stree t,postalcode,st,c,oxtimezone,homephone,mobile,pager,facsimiletelephonenumber ,telephonenumber,labeleduri,jpegphoto,loginDestination,sn,givenname,;r,s,c;[ all]#self# givenName: gfhoffice shadowMin: 0 shadowMax: shadowWarning: 7 shadowExpire: 0 mail: [EMAIL PROTECTED] mailDomain: guestshire.com preferredLanguage: EN OXAppointmentDays: 9 O
Re: [Samba] samba4 openldap
On Mon, 2005-05-23 at 11:50 -0400, Caleb O'Connell wrote: > Is there a change however you can just choose a different datastore in the > config file though? so you can choose to use the built in ldap or to just > use an openLDAP datastore. The ldap scheme I imagine would stay the same, > just the database itself and the ldap program itself ldb samba4 is giong to > be using. I was just curious for obvious reasons. The ldb interface allows another datastore to be placed behind what Samba is using, however we will always need to provide the LDAP server that answers requests from windows clients in a Samba4 installation. This is because of the authentication requirements (deeply integrated with AD) on that LDAP server, as well as the need to match other parts of the AD system. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba4 openldap
man, 23.05.2005 kl. 17.50 skrev Caleb O'Connell: > Is there a change however you can just choose a different datastore in the > config file though? so you can choose to use the built in ldap or to just > use an openLDAP datastore. The ldap scheme I imagine would stay the same, > just the database itself and the ldap program itself ldb samba4 is giong to > be using. I was just curious for obvious reasons. There won't be a schema any more. During the weekend I googled for Samba4 docs and subscribed to the tecchie list. What came up was enough to ensure that I'll keep my mouth shut about Samba4 and LDAP until they're there. There will basically probably be a complete LDAP and total database rethink (keyword is "ldb"). Unless people are *very* familiar with OpenLDAP's (2.2 and 2.3) meta backend and proxy concepts, unless the Samba crew is willing to do it all for one, one'd better forget everything one ever learned about integrating Samba and any present OpenLDAP DSE. The explanations I got from the above were, that time is moving on, NT4 (and therefore 2000) is at end of life, and Microsoft's support can be expected to terminate (or at least quickly ebb out). It's important that Samba fully supports the ADS concept of DC authentication and that's not possible with the present mumble_sam constellation.. Even when that is done, the docs I dug up say that the present state of Samba 4 technology will be where Microsoft was 10 years ago (which would take us back to Windows NT 3.5 and its antiquated technology, men skitt la gå). So either go out digging for docs to find out what is going to overwhelm you, or lie back and be prepared to let it do so ;) --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth: «Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17. mai feiringen iår, men gjelder sannsynligvis og dette mel mitt). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba4 openldap
Is there a change however you can just choose a different datastore in the config file though? so you can choose to use the built in ldap or to just use an openLDAP datastore. The ldap scheme I imagine would stay the same, just the database itself and the ldap program itself ldb samba4 is giong to be using. I was just curious for obvious reasons. Tony Earnshaw wrote: > lør, 21.05.2005 kl. 14.46 skrev Andrew Bartlett: > >> > > if anyone knows. Will I have the option to use OpenLDAP >> > > still for all the new features so as to be able to use current apps >> > > that >> > > use OpenLDAP already? If anyone has info regarding this, it would be >> > > appreciated. >> > >> > As far as I'm concerned, if Samba suddenly stops working with the >> > site-wide LDAP database that I already use for umpteen other site-wide >> > services, then Samba rots out, not the other services (pam Unix and gdm >> > authentication and login, e-mail, printer quota, etc.) >> >> Discussion about the design of Samba4 is welcome over on the samba- >> technical list. > > I'll subscribe and take a look. > >> Samba4 is taking on a very different tack from previous >> versions, particularly from a database schema perspective (needing to be >> able to express an generalised LDAP server holding an AD-compatible >> schema as one interface). >> >> My hope is that ideas of schema mapping, and meta directory technologies >> will be placed behind the 'ldb' pluggable interaface (which currently >> supports both local db and ldap backends). >> >> But I strongly suspect that existing Samba 3.0 LDAP sites will find a >> migration to an initial Samba4 release quite difficult. > > It would be good to know in what way ... >> We will provide >> migration tools, but if you (rightly) don't want to turn your LDAP >> directory upside down, it will be hard. > > I wonder in what way ... > >> That's why I'm talking about >> schema mapping and metadirectories, we need the directory to look >> different to different clients. > > Thanks for taking the time. > > --Tonni > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba4 openldap
lør, 21.05.2005 kl. 14.46 skrev Andrew Bartlett: > > > if anyone knows. Will I have the option to use OpenLDAP > > > still for all the new features so as to be able to use current apps that > > > use OpenLDAP already? If anyone has info regarding this, it would be > > > appreciated. > > > > As far as I'm concerned, if Samba suddenly stops working with the > > site-wide LDAP database that I already use for umpteen other site-wide > > services, then Samba rots out, not the other services (pam Unix and gdm > > authentication and login, e-mail, printer quota, etc.) > > Discussion about the design of Samba4 is welcome over on the samba- > technical list. I'll subscribe and take a look. > Samba4 is taking on a very different tack from previous > versions, particularly from a database schema perspective (needing to be > able to express an generalised LDAP server holding an AD-compatible > schema as one interface). > > My hope is that ideas of schema mapping, and meta directory technologies > will be placed behind the 'ldb' pluggable interaface (which currently > supports both local db and ldap backends). > > But I strongly suspect that existing Samba 3.0 LDAP sites will find a > migration to an initial Samba4 release quite difficult. It would be good to know in what way ... > We will provide > migration tools, but if you (rightly) don't want to turn your LDAP > directory upside down, it will be hard. I wonder in what way ... > That's why I'm talking about > schema mapping and metadirectories, we need the directory to look > different to different clients. Thanks for taking the time. --Tonni -- Nothing sucksseeds like a pigeon without a beak ... mail: [EMAIL PROTECTED] http://www.billy.demon.nl They'll love us, won't they? They feed us, don't they? ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba4 openldap
On Sat, 2005-05-21 at 09:27 +0200, Tony Earnshaw wrote: > fre, 20.05.2005 kl. 18.02 skrev Caleb O'Connell: > > > I see that samba4 will have it's own LDAP database. > > Quote your source ;) And exactly what are you inferring? > > > How will the support > > for OpenLDAP be? > > If it's any different from Samba 3, there will be one hell of a to do > with all previously installed bases. Just imagine ... Indeed, Samba4 is a very different project to previous versions of Samba, and it has a very different way of storing it's data. > > if anyone knows. Will I have the option to use OpenLDAP > > still for all the new features so as to be able to use current apps that > > use OpenLDAP already? If anyone has info regarding this, it would be > > appreciated. > > As far as I'm concerned, if Samba suddenly stops working with the > site-wide LDAP database that I already use for umpteen other site-wide > services, then Samba rots out, not the other services (pam Unix and gdm > authentication and login, e-mail, printer quota, etc.) Discussion about the design of Samba4 is welcome over on the samba- technical list. Samba4 is taking on a very different tack from previous versions, particularly from a database schema perspective (needing to be able to express an generalised LDAP server holding an AD-compatible schema as one interface). My hope is that ideas of schema mapping, and meta directory technologies will be placed behind the 'ldb' pluggable interaface (which currently supports both local db and ldap backends). But I strongly suspect that existing Samba 3.0 LDAP sites will find a migration to an initial Samba4 release quite difficult. We will provide migration tools, but if you (rightly) don't want to turn your LDAP directory upside down, it will be hard. That's why I'm talking about schema mapping and metadirectories, we need the directory to look different to different clients. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba4 openldap
fre, 20.05.2005 kl. 18.02 skrev Caleb O'Connell: > I see that samba4 will have it's own LDAP database. Quote your source ;) And exactly what are you inferring? > How will the support > for OpenLDAP be? If it's any different from Samba 3, there will be one hell of a to do with all previously installed bases. Just imagine ... > if anyone knows. Will I have the option to use OpenLDAP > still for all the new features so as to be able to use current apps that > use OpenLDAP already? If anyone has info regarding this, it would be > appreciated. As far as I'm concerned, if Samba suddenly stops working with the site-wide LDAP database that I already use for umpteen other site-wide services, then Samba rots out, not the other services (pam Unix and gdm authentication and login, e-mail, printer quota, etc.) --Tonni -- Nothing sucksseeds like a pigeon without a beak ... mail: [EMAIL PROTECTED] http://www.billy.demon.nl They'll love us, won't they? They feed us, don't they? ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba4 openldap
I see that samba4 will have it's own LDAP database. How will the support for OpenLDAP be? if anyone knows. Will I have the option to use OpenLDAP still for all the new features so as to be able to use current apps that use OpenLDAP already? If anyone has info regarding this, it would be appreciated. Thanks. Caleb O'Connell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba