Current ideas on kerberos requirements for Samba4

Michael Ströder michael at
Wed May 25 03:49:44 EDT 2005

Andrew Bartlett wrote:
> On Tue, 2005-05-24 at 08:09 -0500, Gerald (Jerry) Carter wrote:
>>I'm not getting into this thread for obvious reasons, but
>>I think this is a very dangerous statement (and assumption)
>>to make. You are claiming to match against AD.  That's a
>>big order from the LDAP side of things.  People will expect
>>you to get the LDAP part right if you are taking it over.
> Indeed, and this is actually something that I do worry about with Samba4
> going forward.

Will Samba4 implement the very same LDAP schema like MS AD? You might
have to since some LDAP-based management applications assuming to access
AD might expect certain schema elements. And maybe you also have to
implement some very special things like handling of attribute
'unicodePwd' etc.

Tough and ugly thing to do...maybe also for legal reasons.

> I do wish we had more directory experts working with the
> team, so we don't make more of a muddle of ourselves in the process.

The LDAP server in Samba4 is on my radar for interoperability tests with
my own tool web2ldap. But I didn't have the time to test it yet. This is
simply a problem of limited spare time. Now if there are many Open
Source LDAP server implementations each of it will not receive enough
testing because spare time has to be divided. But testing by the
community is really essential for success...

Ciao, Michael.

Michael Ströder
E-Mail: michael at

More information about the krbdev mailing list