Monday, January 19, 2009

Samba 4 and active directory

"Enterprise networks now have an alternative choice to Microsoft Active Directory (AD) servers, with the open source Samba project aiming for feature parity with the forthcoming release of version 4, according to Canberra-based Samba developer Andrew Bartlett.

Speaking at this year's linux.conf.au Linux and open source conference in Hobart, Bartlett said Samba 4 is aiming to be a replacement for AD by providing a free software implementation of Microsoft's custom protocols.

Because AD is "far more than LDAP and Kerberos", Bartlett said, Samba 4 is not only about developing with Microsoft's customisation of those protocols, it is also about moving the project beyond just providing an NT 4 compatible domain manager."

This is really good news for all those companies that still depend on Windows servers to run their Active Directory infrastructure. It is also good news for all those developers who like to work on free software implementations of Microsoft's custom protocols. For those of you who are not familiar with Active Directory:

Active Directory is a directory service used to store information about the network resources across a domain and to centralize management of the network.

An 'Active Directory' structure is a hierarchical framework of objects. The objects fall into three broad categories: resources, services, and users (user accounts and groups). The AD provides information on the objects, organizes the objects, controls access and sets security.

Each object represents a single entity — whether a user, a computer, a printer, or a group — and its attributes. Certain objects can also be containers of other objects. An object is uniquely identified by its name and has a set of attributes — the characteristics and information that the object can contain — defined by a schema, which also determines the kind of objects that can be stored in the AD.

Each attribute object can be used in several different schema class objects. The schema object exists to allow the schema to be extended or modified when necessary. However, because each schema object is integral to the definition of AD objects, deactivating or changing these objects can have serious consequences because it will fundamentally change the structure of AD itself. A schema object, when altered, will automatically propagate through Active Directory and once it is created it can only be deactivated — not deleted. Changing the schema usually requires a fair amount of planning.
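As part of that planning, it helps to know which classes a change to one attribute would reach and which schema objects are already deactivated. The following is an added example, not code from the original post or from the Samba project. `lDAPDisplayName`, `mayContain`, `mustContain`, `subClassOf` and `isDefunct` are Active Directory schema attributes; the `example*` objects and the sample export are constructed, and auxiliary classes are not followed.

```python
from collections import defaultdict

# Constructed sample: a simplified LDIF export of four hypothetical schema objects.
SAMPLE_LDIF = """\
dn: CN=Example-Cost-Centre,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: exampleCostCentre

dn: CN=Example-Badge-Number,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: exampleBadgeNumber
isDefunct: TRUE

dn: CN=Example-Staff,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: classSchema
lDAPDisplayName: exampleStaff
subClassOf: top
mayContain: exampleCostCentre

dn: CN=Example-Contractor,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: classSchema
lDAPDisplayName: exampleContractor
subClassOf: exampleStaff
"""
LINKS = ("mustContain", "mayContain", "systemMustContain", "systemMayContain")

def parse(ldif):
    """Parse unfolded, non-base64 LDIF into a list of {attribute: [values]} dicts."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = defaultdict(list)
        for key, _, value in (line.partition(": ") for line in block.splitlines()):
            entry[key].append(value)
        entries.append(entry)
    return entries

def defunct_objects(entries):
    """Names of schema objects that have been deactivated (isDefunct is TRUE)."""
    return sorted(e["lDAPDisplayName"][0] for e in entries if e["isDefunct"] == ["TRUE"])

def classes_affected(entries, attribute):
    """Classes that list the attribute directly or inherit it through subClassOf."""
    classes = [e for e in entries if "classSchema" in e["objectClass"]]
    hit = {c["lDAPDisplayName"][0] for c in classes if any(attribute in c[k] for k in LINKS)}
    size = -1
    while len(hit) != size:  # repeat until a pass adds no further subclass
        size = len(hit)
        hit |= {c["lDAPDisplayName"][0] for c in classes if set(c["subClassOf"]) & hit}
    return sorted(hit)
```

On the sample, `exampleCostCentre` reaches `exampleContractor` as well as `exampleStaff`, because the subclass inherits the attribute without listing it.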
