OpenLDAP – a new LDAP server for Samba4

Thursday 19th October, from 10.40 to 11.20 AM

The goal of this talk is to present the current status of the OpenLDAP backend for Samba4, first presented at LDAPCon 2015. The development and research effort continues, with the ultimate goal of combining the powerful, scalable and reliable OpenLDAP server with the AD compatibility of Samba4 to provide a viable, AD-compatible LDAP server. This essentially means reimplementing the AD-specific LDAP Samba modules as OpenLDAP overlays and relying entirely on OpenLDAP to handle authentication and authorization of LDAP traffic.

In the past 2 years, Samba4 has made good progress in solving its performance and scalability issues. Work is under way to make Samba's LDAP server multi-process and, more importantly, performance bottlenecks such as the handling of linked attributes have been identified and fixed. Samba now has a much better KCC, which eliminates the need for a mesh topology, as well as MIT Kerberos support, and, most importantly, some of the libraries used in our project are being optimized. These improvements, however, do not eliminate the need for OpenLDAP as a new LDAP server for Samba, but are necessary steps toward creating an even better OpenLDAP/Samba symbiosis.

Some changes in the development process have been introduced since 2015. The initial plan was to gradually replace Samba modules from the bottom up (back-end to front-end), but module interdependence made this approach tricky and made testing individual modules difficult. Therefore a new approach has been adopted: implement the functionality that allows traffic to be directed to OpenLDAP, such as session info and security token creation and schema loading, so that new modules can be tested individually, and implement modules from both ends of the stack.

The talk will include:

  • Updated project architecture and design – how OpenLDAP will interact with Samba4 protocols and services.
  • Explanation of the current development process.
  • Detailed technical information on the developed features, along with demonstrations where possible.
  • Why we think the project is feasible – performance statistics and profiling data.
  • Project roadmap – current accomplishments, challenges and future goals.

Nadezhda Ivanova

A Software Engineer with nearly 15 years of experience in the implementation of network protocols and applications in Linux and Linux-based operating systems.
She graduated from AUBG in 2003 with a BA in Computer Science, and acquired an MSc in “Distributed systems and Mobile technologies” at Sofia University “St. Kliment Ohridski” in 2016.
She began her career as a developer of network protocols for the embedded operating system of network devices.

She later joined the development of a Linux-based MS Exchange compatible mail server, which led to her interest and involvement in the Samba4 DS project in 2008. A Samba Team member since 2009, she has been part of the development of LDAP functionality for Samba4, most prominently in the area of authorization.

Currently a Software Engineer at Symas Corporation, working on the OpenLDAP and Samba4 projects.