Samba4 Alpha 15 as LDAP server authentication for other services

Tomasz Czapiewski xeros at irc.pl
Wed Feb 16 06:17:18 MST 2011


Hi,
I'm planning to use Samba Alpha 15 not only for Active Directory but
also to extend its schema to use it as a backend for other services like:
a) hardware:
- switches that have option for LDAP (getting MAC addresses of machines 
and set them to VLANs),
- UTM that has both LDAP and AD options (here it would be both users and 
machines for network access),
- network printers with LDAP or AD usage options (for binding access to 
specific users, not important to have that),
- network scanners with LDAP usage option (not sure if I need it),
b) software:
- Postfix and Cyrus as mail server (authenticate users and get/set their 
e-mail addresses) [top priority],
- Squid proxy server (access for AD users, to track sites visited by 
users),
- ejabberd Jabber server (users and passwords) [top priority],
- Bind9 DNS server (network names for workstations and site domain, site 
domain might be outside in typical bind config and delegation files)
- DHCP server (MACs for machines and some options for network boot, might 
be outside of AD in case of problems(?))

As for AD, I'll have PCs with Windows XP and Windows 7 workstations and I 
need:
- GPO [top priority]
- roaming profiles with registry, Desktop, Documents, application settings 
kept on server, without storing files on workstation disks, [top
priority],
- only network printers, no need to share printers by workstations or 
server, [top priority for using network printers by direct connections to 
their IPs at 9100 port]
- block USB storage driver for workstations
- enforce proxy settings

I have a few Linux servers and workstations, too, that I might connect to
LDAP of Samba4, but that's not a priority now.

I've read wiki info about different backends like OpenLDAP or Fedora_DS
and their restrictions...
But what about the Samba4 builtin LDAP backend? Would such a configuration work
now on it?
How does the builtin LDAP backend now behave when extending its schema for
other services?
Can I achieve it with Samba4 at current state?

As for passwords for other services, it's not necessary to use Samba4
AD passwords; such passwords might be created at profile creation using
scripts, but I only need to bind them to AD user objects.

And only [top priority] options are really needed, I can drop other 
options in case of problems implementing them.

With Regards,
Tomasz Czapiewski

