[Samba] Migrate openLDAP into Samba AD

Rowland Penny rpenny at samba.org
Mon Jul 2 09:01:53 UTC 2018

On Mon, 2 Jul 2018 10:19:29 +0200
Jakob Lenfers via samba <samba at lists.samba.org> wrote:

> Hi,
> we moved (or still are moving) our users manually from our Samba NT4
> Domain with LDAP to a Samba AD (4.7.6). We had a few schema extensions
> in our openLDAP to feed some services (dovecot mail settings,
> nextcloud quota, ...). I would prefer to have only one place for our
> users, but I'm new to AD. I've read that I can extend the schema,
> which seems not too different from openLDAP, even though the
> documentation states it is a bit dangerous.

You can extend the schema, Samba even supplies a script to turn
openldap schemas to Active directory ldifs and it has the imaginative
name of 'oLschema2ldif'

> So my questions are I guess:
> - Is it feasible to authenticate and feed some user settings to
> services like dovecot and nextcloud with a Samba AD?

We have a wikipage for dovecot:


Try an internet search for 'nextcloud active directory' or 'nextcloud

> - How would I edit my attributes? I doubt there will be a tab in the
> windows dialog (dsa.msc) we use now...

No you cannot use windows tools, but you could write your own scripts,
or use something like Linux Account Manager (LAM)

> - Alternatively, is there a useful way to chain both services? As far
> as I've read, the AD cannot use openLDAP for passwords (which would
> have been great for me...), is it possible the other way around?

You can use openldap as an AD proxy, (yes, we also have a wiki page for
this:  https://wiki.samba.org/index.php/OpenLDAP_as_proxy_to_AD )
But you probably don't need to do this ;-)


More information about the samba mailing list