[Samba] Samba3 to Samba4 migration: Databases and backend.
abartlet at samba.org
Mon Mar 3 15:56:04 MST 2014
On Mon, 2014-03-03 at 17:16 -0500, Alexandre Beauclair wrote:
> We're currently in the process of evaluating an upgrade from our current setup (Samba3 with Kerberos/OpenLDAP and Bind), to Samba4.
> When we started reading about the migration process, we were led to believe that OpenLDAP wasn't fully supported in Samba4, and thus decided to use Samba4's builtin solution.
> Then upon reading the How-To on the Wiki, the "Migrating from LDAP backend" section shows how to migrate the database into another OpenLDAP database using slapcat and slapadd.
> Information on multiple forum threads seem to contradict itself more than once.
> Is OpenLDAP really not the way to go anymore, or is the information stating it is somewhat deprecated too old?
> Is there any downside as to use OpenLDAP with Samba4 (such as the inability to use GPOs on our Windows clients)?
Can you give me the links you found to be confusing? I would like to
> Since we were not sure about the previous, we decided to try an upgrade in our test environment, and stick with Samba4's builtin database.
> Is there a way to import our user and group data from our previous OpenLDAP database into Samba4's builtin database?
The tool is 'samba-tool domain classicupgrade'. See
This handles users, groups and passwords. We would like to see this
tool extended to handle other attributes often set in LDAP, either by
somehow invoking the samba3sam ldb module (it is a mapping module we
have already written), or (perhaps more flexibly) invoking a easily
modified mapping function on the python script.
It would be desirable if we could also have a test for this mode of
operation, to ensure it does not encounter regressions.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba