Install SAMBA 4 with external ldap

Andrew Bartlett abartlet at
Thu Jul 3 14:51:15 MDT 2014

On Wed, 2014-07-02 at 15:14 +0000, Da Cruz, José wrote:
> Hello,
> Today we have an architecture of this type:
> - 1 SAMBA 3.5.6 server (file server, user management windows)
> - 1 OpenLDAP backend server (with SMTP / POP / IMAP / HTTP / APPLICATIONS and Samba)
> We identified two scenarios:
> - We want to migrate this solution to a version of samba4 communicating with OpenLDAP backend server if possible. (not many docs found on the above)

This is possible, and you can just upgrade to the latest Samba 4.1
(suggest you wait until the next version out in a week or so, due to a
nasty file truncation issue we just discovered).

> - Or migrate to the latest versions of SAMBA 3.6.9 and continue to use
> the second OPENLDAP server (Backend). However, we have to integrate
> into the DC some clients with WINDOWS 7 and we don't want to change
> the windows "registry" to become compliant
> (

You can upgrade to Samba 4.x, but you can't avoid the registry changes
if you want to keep the OpenLDAP backend.  It will remain a
'classic' (NT4-like) DC. 

> Can you tell us if these two scenarios are possible and there are documents relating to this issue?

The reason there are no documents about Samba 4.x as an AD DC against an
existing OpenLDAP backend, is that this is not supported, nor expected
to be supported.  The AD DC has a different schema and layout on LDAP
compared with how Samba 3.x was traditionally deployed, among other
serious issues. 

Andrew Bartlett
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list