Samba4 and OpenLDAP

Andrew Bartlett abartlet at
Sun Aug 14 10:12:04 GMT 2005

On Sun, 2005-08-14 at 11:08 +0200, Holger Schmieder wrote:
> Hello all,
> Volker Lendecke said in an interview with the following:
> We will always support OpenLDAP - but maybe not in first release... 
> I have to find out a solution which connects a Windows machine with 
> CDO to a Linux server with Scalix-Groupware. Because CDO is 
> using the epmapper and other RPC services for authentication, my 
> idea was to try this with samba4 - because I saw that the samba 
> team is working very hard on the msrpc-implementation. Now I 
> played around a little bit with samba4 and saw that the internal 
> ldap-server looks like an AD-Controller. That's pretty fine, but now 
> I have to find out two things to bring my demand forward:
> 1. I have to map the samba4-ldap to another port because Scalix 
> needs 389
> 2. I have to store the user-accounts in OpenLDAP because Scalix is 
> authenticating against OpenLDAP 

Specifically against OpenLDAP, or against an LDAP server in general?

> 3. All of them must be (because of CDO) on the same machine: Scalix 
> on 389, OpenLDAP on 398 and samba4-ldap anywhere.
> Now my questions:
> - Has anybody tried to store the user in OpenLDAP together with 
> samba4? - How to do this?

This question means many different things, depending on what you care
about.  Firstly, Samba4 includes a backend which allows it to back on to
either a tdb, or an LDAP server.  We demonstrate this in some of our
tests (by backing an LDAP server on a tdb, then backing the rest of
Samba4 to that LDAP server).

However, the implementor wishing to back Samba4 onto OpenLDAP (or any
other LDAP server) has to first make that server use the AD schema, and
accept queries that assume that layout.  Either that, or implement
(somewhere) a mapping. 

Frankly this is hard - particularly for a 'perfect' mapping.  I hope we
might get a 'Samba3 migration' mapping, with major limitations, but even
that will be hard.

More reasonable is to have OpenLDAP load an AD-compatible schema, but
that often removes the reason people wanted to use OpenLDAP.

> - How can I map the samba-ldap to another port?

If Samba is a domain controller using the AD logon protocols, then it
must listen to the LDAP port (client requirement).

> - Is there some more documentation stuff for samba4 than on the 
> website and CVS?

Not really, but those interested in testing early SVN snapshots of
Samba4 can work with us either on this list, or #samba-technical on

Andrew Bartlett

Andrew Bartlett                      
Samba Developer, SuSE Labs, Novell Inc.
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College