Samba3 / Samba4 migration -- question
zombie_ryushu at yahoo.com
Tue Oct 18 23:16:07 MDT 2011
On 10/19/2011 12:42 AM, Zombie Ryushu wrote:
> On 10/18/2011 11:42 PM, Andrew Bartlett wrote:
>> On Tue, 2011-10-18 at 19:58 -0400, Zombie Ryushu wrote:
>>> I have a question here. This may be relevant. I thought that when
>>> migrating from S3 to S4, the key was to import S3's old Schema
>>> attributes normally used in OpenLDAP, and use S3's ldapsam backend to
>>> keep the S3 servers up to date with what is in S4's directory services.
>> No, this is not how samba3 -> Samba4 migrations will happen. As Samba3
>> and Samba4 do not share a common schema, it is not possible to keep s3
>> servers alive once the domain has been cut over. Samba4 similarly
>> cannot operate against an OpenLDAP backend, it must use the internal
>> The migration script will copy over all the samba-known attributes, but
>> will not migrate custom schema. We can either extend the script to
>> handle some common cases here, or simply suggest that administrators run
>> a second python script to move objects to their desired final locations
>> and add any additional attributes or schema.
>> I hope this clarifies the options available for migration,
>> Andrew Bartlett
> This goes back to a problem that I have had. I understand that S4 will
> make OpenLDAP and Heimdal Kerberos completely obsolete. Samba 4
> provides the services they did as an LDAP server and Kerberos KDC.
> I experimented with this a few months back with S4 A15. (I am unable
> to compile anything past A15 due to linking errors.)
> I have a fair number of OpenLDAP schemas that I use to control things
> like FreeRadius, PostFix, eGroupware and sudoers. Samba 3 ldapsam
> attributes are among these. Samba 3's schema is the only one that
> wouldn't crash the migration tool on import on Alpha 15, OR Crash
> Samba 4 with a 'Constraint Violation.'
> I was fully expecting to be able to simply import the schemas of all
> my OpenLDAP oriented applications including Samba 3 into Samba 4 for
> compatibility purposes.
> The point is there are all these services that were built up and
> integrated around the OpenLDAP database paradigm.
> I guess what I am getting at that probably 80% of the time we're not
> talking about a migration from Samba 3, to Samba 4. We are talking
> about a Migration from OpenLDAP, Heimdal Kerberos, and Samba 3, to
> Samba 4 alone.
> But OpenLDAP stores all these database attributes that have nothing to
> do with Samba that all these other applications rely on? What if an
> infrastructure keeps Samba 3 Servers in place in some locations for
> compatibility reasons? The scary part is OpenLDAP going away.
More information about the samba-technical