On Tue, 2006-08-22 at 17:54 -0700, Pete Rowley wrote:
Andrew Bartlett wrote:
On Tue, 2006-08-22 at 15:35 -0700, Pete Rowley wrote:
>>Why not deal with the specific problems that arise when /adding/ the AD
>>
>>
>>schema? I'm guessing that would be a shorter list?
>>
>>
>
>Because the AD schema is a whole schema, not just some extra
>attributes/objectClasses, I need to be able to replace 'person', and
>many other classes that Microsoft has modified.
>
>Once I start replacing classes, I need to know the list of 'if I replace
>this, bad things happen'.
>
>
The problem is the list of broken things is open ended. Perhaps we
should drill down on a specific example (like the "person" objectclass
and associated attributes) and look at what is different. At least that
will make sure we are all talking about the same thing and the folks on
the list might have more targetted suggestions.
Though, I thought the plan was to make the DS look like AD through
Sambas lens? Are we just talking about an interim development situation
until you add the "lens"? If so, I say break what you like. Otherwise I
would have big concerns about integration with existing DS deployments.
Yeah, at the moment I'm looking at DS as a replicating (transactional?)
LDAP-speaking backend, which clients will never talk to. All clients
will use the Samba lens (as you so very well put it).
Currently, the lens (written for OpenLDAP) maps entryUUID <->
objectClass, canoncalises objectSid and objectCategory and maps some
timestamps.
Once I get that working, I'll start ramping up the lens power: the
obvious next step is to map attributes to the same attributes used in
the winSync plugin.
Integration with existing DS deployments is a very, very long way off,
but is clearly the holy grail. I want to start by getting the parts to
talk together at all :-)
I suspect I'll just need to figure out what I can remove/must keep by
trial and error. The problem with this is any attributes in the class
of 'used by the directory, but it will still start up and appear to
operate', which was part of the reason for my initial enquiry.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team
http://samba.org
Samba Developer, Red Hat Inc.
http://redhat.com