OpenLDAP and Samba4

Yoann Gini yoann.gini at
Mon Apr 22 15:55:27 MDT 2013

On 22 Apr 2013, at 19:27, Gémes Géza <geza at> wrote:

> Lots of attributes are different (conflicting) in the AD schema from those used by OpenLDAP or any other implementation. So bringing over LDIF export files from existing LDAP directories won't work without changes, and could even need some patches for the software which used them.

Attribute composition or replacement to deal with that kind of situation is something that we are used to…

From my understanding of the AD system, the main differences are the GPOs applied to OUs (but I don’t know how they are saved and I’m curious about that) and some custom unique IDs like the SID, which appears to have an algorithmic design.

Mapping userPrincipalName to uid and userAccountControl to a static value or to a microsoft-userAccountControl field is not a big deal for a system administrator.

Conflicting attributes are just a question of mapping, and you have control on that point: you can translate conflicting attributes with some config file. For things that don’t exist or exist in a bad format, we can handle a schema extension and an integration into the existing admin tools (for example, to translate a password expiration date to a pwdLastSet boolean).

Providing the content is the role of the system administrator, not yours. What you have to do on your side is ask us what you need and allow us to map some names to fit your needs in our schema.