OpenLDAP and Samba4

Luke Howard lukeh at
Fri Apr 19 11:16:14 MDT 2013

On 19/04/2013, at 6:59 PM, Jeremy Allison <jra at> wrote:

>> Due to AD constraints it means that when OpenLDAP is the backend for
>> Samba AD it has to be dedicated to Samba; all access should be done
>> through Samba because any change made through DCERPC servers
>> (Netlogon, DRS, LSA, ...) must be seen immediately in the LDAP
>> server and also the other way around.
> Sure - we would have to back-end DCERPC services onto
> the LDAP store, that's understood. Remember, Luke Howard
> already did this for XAD.

I don't understand LDB so well, but you have a bunch of plugins that you stack that enforce things, right? Maybe you can write an adapter into OpenLDAP's overlay plugin architecture? There are probably a million reasons why this wouldn't work / would be complicated, but it's an idea.

-- Luke

More information about the samba-technical mailing list