moving to openldap backend

Andrew Bartlett abartlet at
Mon Sep 22 04:56:28 GMT 2008

On Sun, 2008-09-21 at 22:13 +0400, Matthieu Patou wrote:
> Dear all,
> I currently run samba4 with the built-in ldap server.
> I would like to know if it is possible to move to the ldap backend server.
> If so can I get some pointers ?

Moving an existing local-LDB based domain to the OpenLDAP backend is not
supported at the moment - but you are very right that it should be.

A few traps come to mind:

We use OpenLDAP's entryUUID for the objectGUID, but in an import
situation this is bad - as I don't think you can override it.  

We can't change the objectGUID, as this would change the domain GUID.

We expect OpenLDAP to fill in the forward and reverse links, but at
import time we would rather use the pre-computed data (because the other
end might not exist, and we already have the correct data).

Perhaps there is a magic control (Manage DIT??) we could pass OpenLDAP
to have it allow this mis-behaviour during the import?

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list