[Samba] Migrate to samba 4 in ( relatively ) complex openLDAP environment

andreas andreas.moroder at tin.it
Thu Dec 13 08:54:47 MST 2012


Hello,

we, a public hospital, would like to migrate to samba4 from our samba3.x
environment. According to the documentation, samba4 does use an internal LDAP
server.

We use openLDAP as the directory for:
samba
horde
Oracle name resolution
zope user authentication
Checkpoint Firewall authentication (only a few users)
squid proxy authentication
logon authentication to our linux servers
logon authentication to our enterasys switches via freeradius

The objectClasses we need are 

objectClass: account
objectClass: dcObject
objectClass: device
objectClass: domain
objectClass: groupOfNames
objectClass: hordePerson
objectClass: hostObject
objectClass: inetOrgPerson
objectClass: ipHost
objectClass: ipNetwork
objectClass: orclNetService
objectClass: orcluser
objectClass: organizationalPerson
objectClass: organizationalUnit
objectClass: person
objectClass: posixAccount
objectClass: posixGroup
objectClass: radiusprofile
objectClass: sambaDomain
objectClass: sambaGroupMapping
objectClass: sambaSamAccount
objectClass: sambaTrustedDomainPassword
objectClass: sambaUnixIdPool
objectClass: shadowAccount
objectClass: SuSEeMailObject
objectClass: top

that are defined in these schema files

/etc/openldap/schema/core.schema
/etc/openldap/schema/cosine.schema
/etc/openldap/schema/freeradius.schema
/etc/openldap/schema/inetorgperson.schema
/etc/openldap/schema/horde.schema
/etc/openldap/schema/nis.schema
/etc/openldap/schema/oracle.schema
/etc/openldap/schema/oracle-neu.schema
/etc/openldap/schema/suse.schema
/etc/openldap/schema/samba.schema
/etc/openldap/schema/yast.schema

Below are the attributes I got by exporting to LDIF and running awk | sort -u

We have one master and two replicas (one-direction replication)

Is it possible to implement this with samba4?

Thanks
Andreas


Attributes

alias
c
cn
dc
departmentNumber
description
displayName
dn
employeeNumber
employeeType
facsimileTelephoneNumber
gecos
gidNumber
givenName
groupMemberShip
homeDirectory
homePhone
host
imapPort
imapServer
initials
ipHostNumber
ipNetmaskNumber
ipNetworkNumber
l
labeledURI
loginShell
mail
mailDomain
mailenabled
member
memberUid
mobile
o
objectClass
orclnetdescstring
orclpassword
ou
pager
postalCode
preferredLanguage
radiusFilterId
radiusTunnelMediumType
radiusTunnelPrivateGroupId
radiusTunnelType
sambaAcctFlags
sambaAlgorithmicRidBase
sambaClearTextPassword
sambaDomainName
sambaForceLogoff
sambaGroupType
sambaHomeDrive
sambaKickoffTime
sambaLMPassword
sambaLockoutDuration
sambaLockoutObservationWindow
sambaLockoutThreshold
sambaLogoffTime
sambaLogonHours
sambaLogonScript
sambaLogonTime
sambaLogonToChgPwd
sambaMaxPwdAge
sambaMinPwdAge
sambaMinPwdLength
sambaNextRid
sambaNextUserRid
sambaNTPassword
sambaPasswordHistory
sambaPreviousClearTextPassword
sambaPrimaryGroupSID
sambaProfilePath
sambaPwdCanChange
sambaPwdHistoryLength
sambaPwdLastSet
sambaPwdMustChange
sambaRefuseMachinePwdChange
sambaSID
shadowExpire
shadowInactive
shadowLastChange
shadowMax
shadowMin
shadowWarning
sn
st
street
telephoneNumber
title
uid
uidNumber
userPassword
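
The inventory step the post describes (export to LDIF, then awk | sort -u), as an added example that is not part of the original message. It unfolds wrapped LDIF lines first, so a continuation such as " org:8080/staff" is not counted as a field, and it lists the fields whose names suggest credential material, since an export containing them needs the same protection as the directory. The function names are hypothetical, the sample entries are constructed, and the "password" name match is a heuristic assumption.

```shell
# Constructed sample entries; every value here is made up.
sample_ldif() {
cat <<'EOF'
dn: uid=jdoe,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
uid: jdoe
cn: J Doe
sn: Doe
labeledURI: http://intranet.example.
 org:8080/staff
userPassword:: Y29uc3RydWN0ZWQ=
sambaNTPassword: 00000000000000000000000000000000

# group entry
dn: cn=staff,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: staff
gidNumber: 10001
memberUid: jdoe
EOF
}

# Join folded lines (a leading single space continues the previous line); drop comments.
ldif_unfold() {
    awk '/^ / { if (!skip) buf = buf substr($0, 2); next }
         /^#/ { skip = 1; next }
         { skip = 0; if (have) print buf; buf = $0; have = 1 }
         END  { if (have) print buf }' "$@"
}

# Unique field names; dn is kept, as in the list in the post. Options (;binary) are stripped.
ldif_attrs() {
    ldif_unfold "$@" | awk '/^[A-Za-z][A-Za-z0-9;.-]*:/ {
        name = $0; sub(/:.*/, "", name); sub(/;.*/, "", name); print name }' |
        LC_ALL=C sort -u
}

# Unique objectClass values.
ldif_classes() {
    ldif_unfold "$@" | awk 'tolower($0) ~ /^objectclass: / {
        sub(/^[^:]*: */, ""); print }' | LC_ALL=C sort -u
}

# Name-based heuristic (an assumption): fields whose name contains "password".
ldif_secret_attrs() { ldif_attrs "$@" | grep -i 'password' || true; }

sample_ldif | ldif_attrs
```

Each function also accepts file names, for example `ldif_classes export.ldif`, where export.ldif is a placeholder for the real export.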
