[Samba] Best way to sync Samba AD 4 LDAP with OpenLDAP
rpenny at samba.org
Mon Jan 25 09:46:21 UTC 2016
On 25/01/16 08:03, Paul Reemeijer wrote:
> Good morning Rowland,
> Thank you for your reaction.
> Our OpenLDAP setup is maintained by a lot of people and in-house made tools; so that is why my first solution that I want to present for a new Samba solution is to use OpenLDAP as our place to manage users. We also have everything (services, workplaces and servers) make use of our ldap service.
> We want to use Samba AD mainly for the AD and GPO.
> I hope this is somehow a solution else I need to reevaluate the project.
> Kind regards,
> Paul Reemeijer
So you want to manage your users in ldap and use AD, or to put it
another way, you want to have your users in ldap and in AD.
I think you may be missing the point here, the whole idea behind AD is
centralisation, all your users and groups exist in AD and your
workstations, services etc look there to find them. You will have
problems trying to keep your users etc in sync between two databases,
take passwords for instance, in ldap they are easily visible and
copyable, whilst in AD, they are hidden and read-only.
I think that you need to think the other way i.e. how do I make my
existing setup work with AD, instead of how do I make AD work with my
You will also have another problem, you will need to join your Windows
workstations to your new AD domain, once this is done, they will only
look to AD for authentication, they will ignore the ldap servers.