[Samba] LDAP versus LDAPSAM

Craig White craigwhite at azapple.com
Mon Feb 2 15:48:37 GMT 2004

On Mon, 2004-02-02 at 07:59, Philip Juels wrote:
> Hi all,
> What exactly is the difference between ldap and ldapsam compilations? 
> What functional differences are there for samba?  I assume you can do
> user authentication with just ldap?
why would you assume that? samba has always maintained it's own db for
user accounts - the posix attributes don't contain information fields
necessary for samba usage.

LDAP is it's own entity - ldapsam is just one of several options for
backend storage of users/groups/computers that have significance in a
Windows network
>   Is ldapsam only necessary for PDC
> functionality?
ldapsam isn't necessary for PDC functionality - but some backend type is
necessary for samba functionality. The choice of which one to use and
how to use it is yours.
> There seems to be loads of documentation on Samba-as-PDC-to-LDAP, but
> virtually none that I could find for just samba-to-ldap (over TLS, so
> no PAM)
do you have other services that authenticate to LDAP without PAM? if so,
why not try to implement the model that you've already got in place?
>  user authentication (I'm not interested in setting up a
> samba-based PDC, although I will if I have to).
I haven't figured out why you would have to make a samba PDC but you
haven't figured out what you want to do. If you have LDAP & PAM already
handling authentication for resource level stuff, this may be all you
need and just using a simple backend like passwd backend or tdbsam
backend to store users & groups & machines stuff. Unless you fully
integrate with LDAP (ldapsam), there is only your scripting to try to
link the LDAP users & passwords to samba.


More information about the samba mailing list