[Samba] Best way to sync Samba AD 4 LDAP with OpenLDAP

Paul Reemeijer paul.reemeijer at surfsara.nl
Wed Jan 27 07:46:17 UTC 2016

Hello Rowland,

Thanks for your reactions. We will internally discuss it how to implement an AD solution.

Kind regards, Paul

----- Original Message -----
From: "Rowland penny" <rpenny at samba.org>
To: "sambalist" <samba at lists.samba.org>
Sent: Monday, 25 January, 2016 10:46:21
Subject: Re: [Samba] Best way to sync Samba AD 4 LDAP with OpenLDAP

On 25/01/16 08:03, Paul Reemeijer wrote:
> Goodmorning Rowland,
> Thank you for your reaction.
> Our OpenLDAP setup is maintained by a lot of people and in-house made tools; so that is why my first solution that I want to present for a new Samba solution to use OpenLDAP as our place to manage users. We also have everyting (services, workplaces and servers) make use of our ldap service.
> We want to use Samba AD mainly for the AD and GPO.
> I hope this is somehow a solution else I need to reevaluate the project.
> Kind regards,
> Paul Reemeijer

So you want to manage your users in ldap and use AD, or to put it 
another way, your want to have your users in ldap and in AD,.
I think you may be missing the point here, the whole idea behind AD is 
centralisation, all your users and groups exist in AD and your 
workstations, services etc look there to find them. You will have 
problems trying to keep your users etc in sync between two databases, 
take passwords for instance, in ldap they are easily visible and 
copyable, whilst in AD, they are hidden and read-only.
I think that you need to think the other way i.e. how do I make my 
existing setup work with AD, instead of how do I make AD work with my 
existing setup.

You will also have another problem, you will need to join your windows 
workstations to your new AD domain, once this is done, they will only 
look to AD for authentication, they will ignore the ldap servers.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list