[Samba] Synchronising password of some AD users with an external LDAP?

Daniel Müller mueller at tropenklinik.de
Tue Feb 26 07:13:47 MST 2013 

Apache can authenticate against samba4 ads the same way as if it were
openldap.
http://wiki.samba.org/index.php/Samba4/beyond

Good Luck
Daniel

-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Pekka L.J. Jalkanen
Gesendet: Dienstag, 26. Februar 2013 15:01
An: samba at lists.samba.org
Betreff: [Samba] Synchronising password of some AD users with an external
LDAP?

I'm in a situation where I should establish an external (i.e. non-AD) LDAP
directory for my employer for various web-based authentication purposes. I
don't think that Samba--or Windows AD, for that matter--in and itself would
be the best tool for this purpose; so far I've been reviewing 389 DS,
ApacheDS, OpenDJ and plain old OpenLDAP, but have made no final decision
yet.

Now however, it would be beneficial, even if not strictly speaking
necessary, if I could automatically synchronise the passwords of certain
accounts between that LDAP and our AD; most sensible solution here would
probably be to do it between the LDAP users having a corresponding AD
account belonging to a specific AD OU. Other than passwords, the accounts
and their attributes themselves should stay separate.

I know that if I were running a Windows AD, I could most likely accomplish
what I want with--if nothing else--the 389 DS by using DS-provided Password
Sync Service (see
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/
html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html
for more information).

However, our goal is to completely migrate our AD to Samba 4, so committing
to any software that depends on the continued availability of a Windows DC
simply won't do.

How could I accomplish this synchronisation with Samba 4? Can anyone nudge
me to the right direction? Or is possible at all?


Pekka L.J. Jalkanen

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list