[Samba] samba4 & ldap?
Matthieu Patou
mat at samba.org
Fri Nov 18 15:48:06 MST 2011
On 18/11/2011 18:43, Cybionet wrote:
> Greetings Adam,
>
> Just to be sure, because this post is interesting for those who build
> solutions with Samba/OpenLDAP (like me, who has used it since 2004),
>
>
> 1. Samba4 doesn't support an LDAP backend, but has its own LDAPv3 server?
> (ref.: http://wiki.samba.org/index.php/Samba4/FAQ)
Yes, initially we thought it could be possible to have an external LDAP
server and use it, but it turns out not to be so simple because of the
schema needed for the Active Directory and also to support some
functionality of AD (Directory replication for instance).
Making Samba4 use OpenLDAP is not impossible, but even if it was working
it won't be what users expect, as most people think that it should/could
be possible to say "hey Samba4 here is my LDAP server with my current
data, please install whatever you need and then let's start the AD",
whereas for the moment it's more like using OpenLDAP as backend storage
for the AD database.
>
> 2. It's possible to use Samba4 like a Domain Controller without any
> Windows Server.
Yes, I've been running a small site in production with only 1 Samba 4
domain controller for more than 3 years now; lately I added a second
Samba 4 server for the failover.
>
> 3. And if yes, will it be possible to extend the schema like with
> OpenLDAP or AD? For example, if I want to use it with other services like
> a mail server.
Yes, it's possible but for the moment the schema needs to be very
complete, some schema objects need some attributes that we should
generate and that we don't generate for the moment. The lack of those
attributes leads to schema corruption.
There are a couple of solutions for this, see
http://samba.2283325.n4.nabble.com/Extending-samba4-schema-td3510357.html for
more info.
>
>
> In short, will it be possible to continue using our solution, with the
> incorporated Samba4 LDAP server and without any LDAP backend?
>
Normally it should; depending on the complexity of the schema it might
be non-trivial to do it. Just try; if you have problems, we can help you
to solve the problems you encounter.
Matthieu.
> Thanks
>
> Robert
>
> Adam Tauno Williams wrote:
>> On Thu, 2011-11-17 at 12:34 -0600, John Heim wrote:
>>> I am confused... Using an ldap server as a backend for samba4 is not
>>> recommended?
>> Not only not recommended, it will not work and is not supported.
>>
>>> We are primarily a linux shop. We have an ldap database we use
>>> for authentication. I can't use that anymore if I switch to samba4?
>> Nope.
>>
>> Active Directory provides an LDAP service (DSA) but Active Directory is
>> not LDAP. It has very specific provisioning, security, and schema
>> rules.
>>
>
--
Matthieu Patou
Samba Team
http://samba.org