[Samba] LDAP with Samba4
adi at cg.tuwien.ac.at
Tue Mar 10 04:10:30 MDT 2015
Thank you for your answers!
> >A full-blown OpenLDAP server is able to do replication.
> >The advantage of this is that servers/services may run without having
> >access to the master OpenLDAP server and there is more: using decent crypto
> >settings for the connection slows down lookups; another reason for using
> >LDAP on localhost (or even better ldapi).
> AD does replication and if required, you can run openldap on the
> same machine as AD, but you cannot run it on ports 389 & 686.
I doubt AD replication will scale to 50+ machines easily and I am not sure
I want the full AD stack on all of those machines.
OpenLDAP is "just" acting as a proxy, which means it cannot do
replication on its own.
> >>I believe that there is (or is that was?) some work going on to try
> >>and make a samba4 AD DC use Openldap instead of the built ldap, but
> >>it seems to have gone quiet on that front lately.
> >Too bad. Do others then manually sync accounts between OpenLDAP and
> >Samba/AD? Is there an interface that (kind of) streams out LDIF-Changesets?
> >Is there a way to get plain LDIF out of Samba/AD?
> I cannot speak for other users, but I am sure that somebody is doing
> what you want to do, but I also think most people will be using AD
> just for authentication. You can extract LDIFs from AD, but they are
> not exactly like Openldap ones.
Would be great to hear of one of those! :)
Are those LDIFs rather full tree dumps or incrementals? Or in other words:
would I be required to parse the full AD tree and implement some kind of
syncing or is it possible to get just the changes?
Thanks for your help!
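As an added illustration of the "full tree dump versus incremental changes" question (example code written for this page, not from the thread, Samba or OpenLDAP): given two plain-LDIF dumps of the same subtree taken at different times, it derives LDIF change records (delete, add, modify), which is what a sync job needs when only periodic full exports are available. It assumes the two sides' attribute names have already been mapped onto a common schema and that each export is internally consistent; `parse_ldif`, `ldif_changes` and the sample dumps are constructed for the example.

```python
import base64
# Constructed sample: two full LDIF exports of one subtree, attribute names already mapped to one schema.
BEFORE = """dn: uid=alice,ou=people,dc=example,dc=com
mail: alice@example.com

dn: uid=bob,ou=people,dc=example,dc=com
"""
AFTER = """dn: uid=alice,ou=people,dc=example,dc=com
mail: alice@example.org
description:: c3luY2VkIGZyb20gQUQ=

dn: uid=carol,ou=people,dc=example,dc=com
mail: carol@example.com
"""

def parse_ldif(text):
    """Plain LDIF dump -> {dn: {attr: [values]}}; unfolds lines, decodes '::' base64 values."""
    entries, dn = {}, None
    for line in text.replace("\n ", "").splitlines():   # unfold continuation lines
        if not line or line.startswith("#"):            # skip blank and comment lines
            continue
        name, _, value = line.partition(":")
        value = value.strip()
        if value.startswith(":"):                        # '::' marks a base64 value (AD uses it for binary attrs)
            value = base64.b64decode(value[1:].strip()).decode()
        if name.lower() == "dn":
            dn = value
            entries[dn] = {}
        else:
            entries[dn].setdefault(name, []).append(value)
    return entries

def ldif_changes(before, after):
    """LDIF change records (delete/add/modify) that turn `before` into `after`."""
    old, new = parse_ldif(before), parse_ldif(after)
    out = []
    for dn in sorted(set(old) - set(new)):
        out.append(f"dn: {dn}\nchangetype: delete\n")
    for dn in sorted(set(new) - set(old)):
        body = "".join(f"{a}: {v}\n" for a, vs in new[dn].items() for v in vs)
        out.append(f"dn: {dn}\nchangetype: add\n{body}")
    for dn in sorted(set(old) & set(new)):
        mods = []
        for attr in sorted(set(old[dn]) | set(new[dn])):
            if old[dn].get(attr) != new[dn].get(attr):   # 'replace' also covers a newly added attr
                vals = "".join(f"{attr}: {v}\n" for v in new[dn].get(attr, []))
                mods.append(f"replace: {attr}\n{vals}-\n" if vals else f"delete: {attr}\n-\n")
        if mods:
            out.append(f"dn: {dn}\nchangetype: modify\n" + "".join(mods))
    return "\n".join(out)
```

The resulting records can be fed to ldapmodify on the receiving side; diffing only snapshots does mean that an attribute changed and reverted between two exports is never seen.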