[Samba] Best way to sync Samba AD 4 LDAP with OpenLDAP

Jiří František jiri.frant at gmail.com
Wed Jan 27 07:53:27 UTC 2016 

Hello Paul,
look at http://lsc-project.org/ maybe this can help you.


On Wed, Jan 27, 2016 at 8:49 AM Paul Reemeijer <paul.reemeijer at surfsara.nl>
wrote:

> Hello Rowland,
>
> Thanks for your reactions. We will internally discuss it how to implement
> an AD solution.
>
> Kind regards, Paul
>
> ----- Original Message -----
> From: "Rowland penny" <rpenny at samba.org>
> To: "sambalist" <samba at lists.samba.org>
> Sent: Monday, 25 January, 2016 10:46:21
> Subject: Re: [Samba] Best way to sync Samba AD 4 LDAP with OpenLDAP
>
> On 25/01/16 08:03, Paul Reemeijer wrote:
> > Goodmorning Rowland,
> >
> > Thank you for your reaction.
> >
> > Our OpenLDAP setup is maintained by a lot of people and in-house made
> tools; so that is why my first solution that I want to present for a new
> Samba solution to use OpenLDAP as our place to manage users. We also have
> everyting (services, workplaces and servers) make use of our ldap service.
> > We want to use Samba AD mainly for the AD and GPO.
> >
> > I hope this is somehow a solution else I need to reevaluate the project.
> >
> > Kind regards,
> > Paul Reemeijer
> >
> >
> >
>
> So you want to manage your users in ldap and use AD, or to put it
> another way, your want to have your users in ldap and in AD,.
> I think you may be missing the point here, the whole idea behind AD is
> centralisation, all your users and groups exist in AD and your
> workstations, services etc look there to find them. You will have
> problems trying to keep your users etc in sync between two databases,
> take passwords for instance, in ldap they are easily visible and
> copyable, whilst in AD, they are hidden and read-only.
> I think that you need to think the other way i.e. how do I make my
> existing setup work with AD, instead of how do I make AD work with my
> existing setup.
>
> You will also have another problem, you will need to join your windows
> workstations to your new AD domain, once this is done, they will only
> look to AD for authentication, they will ignore the ldap servers.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list