[Samba] Samba4 Auth Against OpenDirectory (OpenLDAP)

Andrew Bartlett abartlet at samba.org
Sun Mar 21 01:09:08 MDT 2010


On Fri, 2010-03-12 at 10:37 -0600, Michael Lyon wrote:
> I've been working through the instructions on the samba wiki:
> http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP
> 
> My OpenLDAP is running on Snow Leopard Server in an OpenDirectory
> environment.  I run into this error:

I've updated the OpenLDAP backend page in the wiki.  Hopefully it now
works - but we don't currently have a way to use an external LDAP
server.

Some of this will change - we will get support for talking to an
existing LDAP server - but that LDAP server will need to use the AD
schema.  

There is some hope here - FreeIPA will be doing some mapping work
between Samba4 and a more traditional backend structure. 

The bigger challenge of using the data in the Open Directory is much
harder.  This is made harder by the fact that passwords are not stored
in OpenDirectory - they are stored in a separate password store,
accessed by the Open Directory KDC and the password server. 

We can talk about the options and how we might be able to make something
work for you on samba-technical if you like. 

I'm sorry this isn't so easy,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.