[Samba] LDAP with Samba4

Rowland Penny rowlandpenny at googlemail.com
Mon Mar 9 09:49:20 MDT 2015

On 09/03/15 15:13, Adi Kriegisch wrote:
> Hey!
> We're still running a Samba3 Domain Controller but need to upgrade to
> Samba4/AD soon. The core of our DC is an OpenLDAP server that holds
> authentication information for many services including Samba3.
> The LDAP server gets replicated to every machine that provides some kind of
> authentication or needs local user account information; changing password
> is done on a web interface that enforces our password policy and keeps
> Samba passwords and "unix passwords" in sync.
> The question is how can we continue to use a LDAP server for authentication
> while keeping accounts and passwords in sync?
> Is there still some development going on for the OpenLDAP backend of
> Samba4[1]?
> How did others solve such a situation?
> Thanks,
>      Adi
> [1] https://wiki.samba.org/index.php/Samba4/LDAP_Backend

Hi, just what are the services that need to authenticate via ldap ?

There is a page on the samba wiki about authenticating to samba4 AD:


It is not exhaustive and other services can auth via S4 AD, postfix & 
dovecot for instance.

I believe that there is (or is that was?) some work going on to try and 
make a samba4 AD DC use Openldap instead of the built ldap, but it seems 
to have gone quiet on that front lately.


More information about the samba mailing list