On 5 April 2013 08:51, Peter <Petros.Listig@fdrive.com.au> wrote:
> I wonder whether it means: Samba will not use external LDAP at all (that
> would rule it out for me here)
>
> "Very intrusive changes".. to Samba or LDAP?
>
> Does anybody have insight into the "roadmap", especially about the future of
> external LDAP sources?
>
> I know that you can make it work, somehow, now. But if it does not have
> support by the Samba team it will be fiddly and fragile and you have to
> worry about future releases all the time. I am not really keen on that.

I guess you missed Andrew Bartlett's talk on Samba 4 at LUV.

While he did give a talk at LCA2013, he addressed your questions more in the LUV talk (going from memory here).

http://mirror.linux.org.au/linux.conf.au/2013/ogv/Samba_4.0.ogv

In short, AD has a number of requirements on the LDAP server that have never been implemented in OpenLDAP or 389, and it seems that they are unlikely to be implemented any time soon (e.g. transaction support among other things). Such features may require major code redesign (if I understand correctly) and upstream weren't at all enthusiastic. So the Samba team had no choice but to implement their own LDAP server.

It is possible to do a single once-off import from an existing LDAP server; however, running from an existing server is out of the question. As of LCA2013 there were no plans to change this (I doubt this situation has changed).

The Samba 4 team do acknowledge that being able to run against any LDAP server was a feature of previous Samba releases, and the fact this is no longer supported may be a problem for some people.

Also note that you can upgrade to Samba 4 without enabling AD, and everything will continue to work as is. I assume this means it will continue to work with your existing LDAP servers until you enable AD support.

This is from my recollection of the LUV talk.
--
Brian May <brian@microcomaustralia.com.au>