OpenLDAP Schemas in Samba 4.

Zombie Ryushu zombie_ryushu at
Mon Jun 6 21:08:33 MDT 2011

I'm currently running experiments with Samba 4 Alpha 15 . From the looks of things, it looks as if Samba 4 will replace OpenLDAP and Heimdal Kerberos before it obsoletes Samba 3. As suchj, I'm trying to replicate as much server side OpenLDAP functionality in Samba 4 as I can. Because there was a specific schema, and while I understand that the primary purpose of Samba 4 is AD, there should be 'backward compatibility' with what POSIX operating systems that have depended on OpenLDAP have come to expect. 

I think that it is in inevitable that OpenLDAP's future is as a part of Samba and that just a few years from now, if you want an LDAP server, or a Kerberos KDC, the official solution will BE Samba 4.

That being said, the applications that have worked in the past with OpenLDAP such
Samba 3.x
nss_ldap (Posix Attributes)
eGrouupware and phpGroupware
Probably others I am forgetting.

Now I think that  maintaining a copy of their schema is a bad idea as they could change. At least to the degree that the schema don't clash, and a majority of them do not clash. Linux clients should authenticate against Samba 4 the same way they did against OpenLDAP and Kerberos.

Now I have composed  a report of some of the schemas creating problems. These are really serious problems. Importing a Schema should not cause the schema converter to segfault or get into infinite loops.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: yE2cKn9C.txt
URL: <>

More information about the samba-technical mailing list