[Samba] Migrate openLDAP into Samba AD
rpenny at samba.org
Mon Jul 2 09:01:53 UTC 2018
On Mon, 2 Jul 2018 10:19:29 +0200
Jakob Lenfers via samba <samba at lists.samba.org> wrote:
> we moved (or still are moving) our users manually from our Samba NT4
> Domain with LDAP to a Samba AD (4.7.6). We had a few schema extensions
> in our openLDAP to feed some services (dovecot mail settings,
> nextcloud quota, ...). I would prefer to have only one place for our
> users, but I'm new to AD. I've read that I can extend the schema,
> which seems not too different from openLDAP, even though the
> documentation states it is a bit dangerous.
You can extend the schema; Samba even supplies a script to turn
OpenLDAP schemas into Active Directory LDIFs, and it has the imaginative
name of 'oLschema2ldif'.
> So my questions are I guess:
> - Is it feasible to authenticate and feed some user settings to
> services like dovecot and nextcloud with a Samba AD?
We have a wiki page for dovecot:
Try an internet search for 'nextcloud active directory' or 'nextcloud
> - How would I edit my attributes? I doubt there will be a tab in the
> windows dialog (dsa.msc) we use now...
No, you cannot use Windows tools, but you could write your own scripts,
or use something like Linux Account Manager (LAM).
> - Alternatively, is there a useful way to chain both services? As far
> as I've read, the AD cannot use openLDAP for passwords (which would
> have been great for me...), is it possible the other way around?
You can use OpenLDAP as an AD proxy (yes, we also have a wiki page for
this: https://wiki.samba.org/index.php/OpenLDAP_as_proxy_to_AD )
But you probably don't need to do this ;-)