[Samba] Samba3 to Samba4 migration: Databases and backend.
beauclaira at lexum.com
Tue Mar 4 08:53:38 MST 2014
Thank you for the reply!
>The tool is 'samba-tool domain classicupgrade'. See
>This handles users, groups and passwords. We would like to see this
>tool extended to handle other attributes often set in LDAP, either by
>somehow invoking the samba3sam ldb module (it is a mapping module we
>have already written), or (perhaps more flexibly) invoking a easily
>modified mapping function on the python script.
Upon reading this, I found out I forgot to mention that our Samba4 installation will be on another new server.
If my understanding is correct, this tool is only used when doing an "in-place" upgrade?
Can it be used when trying to migrate the data to a new server as well?
What we are currently trying to do, is install Samba4 on a new server (we are using the SerNet packages), and then try to import all the necessary data from OpenLDAP, Kerberos and our DNS on it.
The thing is, we first installed the Sernet packages, and then would appear there is a conflict when trying to install OpenLDAP, and it would not let us install it. It seems like sernet-samba-ad and openldap are mutually exclusive.
>Can you give me the links you found to be confusing? I would like to
Back when I started reading on the migration process, this is the first page I ran into. It mentionned a way to migrate from an OpenLDAP backend, and I thought it was supported since it was in the Samba Wiki. Then when I wasn't able to install
OpenLDAP after getting the Sernet Packages, I wondered how it would be possible to slapadd the backup.ldif file (since OpenLDAP wasn't there, hence no slapadd).
I then read in these links that using an OpenLDAP is not recommended.
This is when we decided to stick Samba4's builtin database, and wondered if importing the data from OpenLDAP would be possible. Now I realize some of this information might be out of date, but I'm not sure where to start to validate which is still valid or not.
What would then be the recommended way for us to proceed? We would simply want to consolidate everything under Samba4 on a new server while preserving the current data we have.
Thanks again for the help!
---- Original Message -----
From: "Andrew Bartlett" <abartlet at samba.org>
To: "Alexandre Beauclair" <beauclaira at lexum.com>
Cc: samba at lists.samba.org
Sent: Monday, March 3, 2014 5:56:04 PM
Subject: Re: [Samba] Samba3 to Samba4 migration: Databases and backend.
On Mon, 2014-03-03 at 17:16 -0500, Alexandre Beauclair wrote:
> We're currently in the process of evaluating an upgrade from our current setup (Samba3 with Kerberos/OpenLDAP and Bind), to Samba4.
> When we started reading about the migration process, we were led to believe that OpenLDAP wasn't fully supported in Samba4, and thus decided to use Samba4's builtin solution.
> Then upon reading the How-To on the Wiki, the "Migrating from LDAP backend" section shows how to migrate the database into another OpenLDAP database using slapcat and slapadd.
> Information on multiple forum threads seem to contradict itself more than once.
> Is OpenLDAP really not the way to go anymore, or is the information stating it is somewhat deprecated too old?
> Is there any downside as to use OpenLDAP with Samba4 (such as the inability to use GPOs on our Windows clients)?
Can you give me the links you found to be confusing? I would like to
> Since we were not sure about the previous, we decided to try an upgrade in our test environment, and stick with Samba4's builtin database.
> Is there a way to import our user and group data from our previous OpenLDAP database into Samba4's builtin database?
The tool is 'samba-tool domain classicupgrade'. See
This handles users, groups and passwords. We would like to see this
tool extended to handle other attributes often set in LDAP, either by
somehow invoking the samba3sam ldb module (it is a mapping module we
have already written), or (perhaps more flexibly) invoking a easily
modified mapping function on the python script.
It would be desirable if we could also have a test for this mode of
operation, to ensure it does not encounter regressions.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba