[Samba] Migrate openLDAP into Samba AD

[Rowland Penny]

On Mon, 2 Jul 2018 14:24:03 +0200
Jakob Lenfers <lenfers at bigsss-bremen.de> wrote:

> Am 02.07.2018 um 11:01 schrieb Rowland Penny via samba:
> 
> >> - Is it feasible to authenticate and feed some user settings to
> >> services like dovecot and nextcloud with a Samba AD?
> > We have a wikipage for dovecot:
> > 
> > https://wiki.samba.org/index.php/Authenticating_Dovecot_against_Active_Directory
> 
> Thanks, I'll probably use the ldap interface instead, since I need
> more than only authentication. Postfix needs to know email addresses
> and dovecot quota as well.

You really need to speak to Louis about email, but I think he would
suggest investigating Kopano.

> 
> > Try an internet search for 'nextcloud active directory' or
> > 'nextcloud kerberos'
> 
> Nextcloud works out of the box, but if I want to manage quotas there,
> I'll need to use extra attributes...

Is there a schema available ?

> 
> >> - How would I edit my attributes? I doubt there will be a tab in
> >> the windows dialog (dsa.msc) we use now...
> > No you cannot use windows tools, but you could write your own
> > scripts, or use something like Linux Account Manager (LAM)
> 
> ... which I need to configure somehow. Does anybody have good advice
> in that regard? GOsa seems to be dead (that's what we are using now,
> I fear it'll die with our last server supporting PHP5), LAM has to be
> rented, which I cannot do. 

There is a free version of LAM, but there are some restrictions.

>Maybe I'll just use a general purpose LDAP
> client, then I'll be independent from that kind of developments. But
> if anybody is in a similar situation and has a good tool I missed, I
> would be grateful.

Wouldn't we all ;-)

Have considered writing your own scripts around ldapsearch etc ?

> 
> I guess I'm leaving the lists topic, sorry for the noise.

No, it is a valid topic, using 'things' with a Samba AD DC will always
be valid, provided it doesn't clash with a Samba provided tool.

Rowland