[Samba] Technical questions on AD and NT4
Rowland Penny
rpenny at samba.org
Wed Jul 15 20:08:44 UTC 2020
On 15/07/2020 20:33, RhineDevil via samba wrote:
> Could someone show me differences in both groups and users between a full NT4 LDAP schema and a full ActiveDirectory LDAP schema?
I could, but we would be here all night; the AD schema is much larger.
> Is ActiveDirectory fully retrocompatible with NT4?
No
>
> Are there plans to support an OpenLDAP backend again once the LDAPcon objectives are achieved?
> https://ldapcon.org/2019/wp-content/events/presentations/ni_samba_backend.pdf
That has been worked on for the last 8 years (at least) and it still
doesn't work (not for want of trying).
>
> Why does a user in the old NT4 schema look like this:
> dn: uid=myuser,ou=People,dc=mydomain
> while in the AD LDAP schema it looks like this:
> dn: CN=myuser,CN=Users,DC=mydomain ?
Because Microsoft decided it had to be that way.
>
> To what extent is LDB retrocompatible (with abstractions, of course) with ldif files made for OpenLDAP? Could I import an ldif designed for the old NT4 LDAP into LDB?
If you are asking if the AD schema can be extended, then the answer is
very possibly yes; you just need the correct ldifs and to apply them in
the right order. There are schemas available that work without
modification; for others, Samba provides a script to modify a schema to
an AD ldif. You should be aware that extending the AD schema is one way:
you can extend it, but you cannot remove the schema extension, so you
should test any extensions before extending a production domain.
Rowland