[Samba] LDAP with Samba4

Adi Kriegisch adi at cg.tuwien.ac.at
Tue Mar 10 01:36:54 MDT 2015


> >The question is how can we continue to use an LDAP server for authentication
> >while keeping accounts and passwords in sync?
> >Is there still some development going on for the OpenLDAP backend of
> >Samba4[1]?
> >How did others solve such a situation?
> Hi, just what are the services that need to authenticate via ldap ?
> There is a page on the samba wiki about authenticating to samba4 AD:
Thanks for the pointer; this can indeed be done for some of the services.
But what I am about to lose is local authentication and independence of
services: A full-blown OpenLDAP server is able to do replication.
The advantage of this is that servers/services may run without having
access to the master OpenLDAP server and there is more: using decent crypto
settings for the connection slows down lookups; another reason for using
LDAP on localhost (or even better ldapi).

> I believe that there is (or is that was?) some work going on to try
> and make a samba4 AD DC use Openldap instead of the built-in ldap, but
> it seems to have gone quiet on that front lately.
Too bad. Do others then manually sync accounts between OpenLDAP and
Samba/AD? Is there an interface that (kind of) streams out LDIF-Changesets?
Is there a way to get plain LDIF out of Samba/AD?

-- Adi
