[Samba] samba4 & ldap?

[John Heim]

From: "David Magda" <dmagda at ee.ryerson.ca>
To: "John Heim" <jheim at math.wisc.edu>
Cc: <samba at lists.samba.org>
Sent: Friday, November 18, 2011 12:24 PM
Subject: Re: [Samba] samba4 & ldap?


> On Thu, November 17, 2011 13:34, John Heim wrote:
>> I am confused... Using an ldap server as a backend for samba4 is not
>> recommended? We are primarily a linux shop. We have an ldap database we
>> use for authentication. I can't use that anymore if I switch to samba4?
>
> If you don't need to emulate Active Directory, then you should probably
> just stick with the Samba 3.x series. Samba 3 emulates NT-style domain
> membership and for simply single-password/login infrastructure it should
> be sufficient.
>
> Samba 4 is a bit more ambition that that.
>
> Hopefully/Perhaps one day it will support LDAP back-ends more readily, but
> considering it's still in beta (alpha?), I'd guess such functionality is
> barely on the TODO list (assuming it's even technically possible).


Yeah, I've decided to stick with samba3 for now. I am not suggesting that 
the samba4 developers try to enable openldap as a backend. In fact, if they 
put it up for a vote, even though we're an openldap shop, I'd vote against 
wasting time on it. I'd anticipate that someday, we'd want to switch to 
samba4 because Microsoft is going to put out a version of Windows some day 
that won't talk to NT-style domains. But I would want to use samba's AD/ldap 
server.

We keep all kinds of stuff in our ldap database besides authentication info 
but I always considered that wrong. So I wouldn't cry too much if the samba 
team didn't bother allowing you to extend the AD schema. And even if they 
did, we might not take advantage of it. We might say, "Its about time we put 
all that stuff in mysql anyway."

JMHO.