[Samba] samba4 and (pseudo) LDAP backend for users, groups and rights

Marc Muehlfeld samba at marc-muehlfeld.de
Mon Jun 24 10:15:42 MDT 2013

Hello Marcus,

Am 24.06.2013 10:30, schrieb Marcus Mundt:
>> I did this in production last september (170 users, 230 workstations,
>> and around 25 services getting information from LDAP or authenticating
>> against). After some weeks of building a testing environment with
>> everything, I did the final switch on a weekend (1.5 days for changing
>> and adapting everything). And it's running absolutely great.
> How did you transfer the information from the (old) LDAP server to the
 > Samba 4 ADS? Or did you separate things, like servers relying on the
 > slapd and other systems communicating with the ADS?

I wrote a small dirty shell script, that reads all information from the 
old openLDAP via ldapsearch and put them into in to AD via ldapmodify. 
Was 30 mins work.

>>> My quick guesses of possible solutions:
>>> - Samba 4 + Slapd on the same machine. Slapd synced to LDAP-Master
>>>       - https://wiki.samba.org/index.php/Samba4/beyond#openLDAP_proxy_to_AD
>>>       - I don't know if I get this one...
>> The "beyond samba" page is from me. Just let me know, what's unclear.
>> Then I will extend the HowTo and improve the descriptions.
> Ok, I thought so. I guess I wished for something like an AD to openLDAP proxy :)

Just reply to the list, if you need more tips or miss something on the 
Wiki page.


More information about the samba mailing list