[Samba] samba4 & ldap?
John Heim
jheim at math.wisc.edu
Fri Nov 18 12:11:17 MST 2011
From: "David Magda" <dmagda at ee.ryerson.ca>
To: "John Heim" <jheim at math.wisc.edu>
Cc: <samba at lists.samba.org>
Sent: Friday, November 18, 2011 12:24 PM
Subject: Re: [Samba] samba4 & ldap?
> On Thu, November 17, 2011 13:34, John Heim wrote:
>> I am confused... Using an ldap server as a backend for samba4 is not
>> recommended? We are primarily a linux shop. We have an ldap database we
>> use for authentication. I can't use that anymore if I switch to samba4?
>
> If you don't need to emulate Active Directory, then you should probably
> just stick with the Samba 3.x series. Samba 3 emulates NT-style domain
> membership and for simply single-password/login infrastructure it should
> be sufficient.
>
> Samba 4 is a bit more ambition that that.
>
> Hopefully/Perhaps one day it will support LDAP back-ends more readily, but
> considering it's still in beta (alpha?), I'd guess such functionality is
> barely on the TODO list (assuming it's even technically possible).
Yeah, I've decided to stick with samba3 for now. I am not suggesting that
the samba4 developers try to enable openldap as a backend. In fact, if they
put it up for a vote, even though we're an openldap shop, I'd vote against
wasting time on it. I'd anticipate that someday, we'd want to switch to
samba4 because Microsoft is going to put out a version of Windows some day
that won't talk to NT-style domains. But I would want to use samba's AD/ldap
server.
We keep all kinds of stuff in our ldap database besides authentication info
but I always considered that wrong. So I wouldn't cry too much if the samba
team didn't bother allowing you to extend the AD schema. And even if they
did, we might not take advantage of it. We might say, "Its about time we put
all that stuff in mysql anyway."
JMHO.
More information about the samba
mailing list