> On 1 Apr 2025, at 16:57, Alexander Bokovoy <[email protected]> wrote:
>
>> Does samba query the local-ldap tree on IPA for this to work then? Or does
>> samba have its own mystery database (or cache) as well?
>
> FreeIPA uses its own database driver (passdb module in Samba language) to
> provide a backend that looks up proper data in LDAP.
>
> I'd recommend you to read through FreeIPA design pages. A corresponding
> one is this:
> https://freeipa.readthedocs.io/en/latest/designs/adtrust/samba-domain-controller.html
>
Thank you, a very thorough and enlightening document.

Everything we want seems so close, at least with our current one-computer (domain controller) Active Directory trusting the IPA-domain setup. Since we can log on to terminal services, and access file-shares on the Windows server with IPA users in the current lab-setup (even if things are very hackish), all current Microsoft needs can actually be met from this. Just get that Global Catalogue implemented! And the last pieces for protocol parity, and it can be enjoyed by everyone with similar needs.

Talking about the Global Catalogue, will we be able to get the prototype that you have up and running to play with, from the current code base? Without too much pain? Do you know about any documents describing its "wonders", or is the best approach just to study a working version from either Microsoft or Samba with an LDAP browser?

You talked about another LDAP instance being a pain if you are to use GC in an ipa-to-ipa trust? Can't you just implement it in the current tree like the Samba tree and mirror/replicate it 1-1 to another read-only instance?

It sounds like a plausible argument that using GC in the ipa-to-ipa trust case will justify more work on a "perfect" implementation of the AD-to-IPA-trust later.

Best regards,
Jostein
