[Samba] AD LDAP

Arnaud FLORENT aflorent at iris-tech.fr
Wed Jun 27 10:19:08 UTC 2018

Le 27/06/2018 à 11:45, Rowland Penny via samba a écrit :
> On Wed, 27 Jun 2018 11:31:15 +0200 (CEST)
> Michal via samba <samba at lists.samba.org> wrote:
>>    Hi,
>>   it there  any way how to look into samba ldap in the same way I can
>> look into OpenLdap via LDAPAdmin, ldap tools etc, when I know
>> OpenLDAP "root" dn and password? Is there such "root" user for Samba
> Samba AD uses its own version of ldap and most, if not all, standard
> ldap tools will work with it.
> The 'root' user for AD is called 'Administrator', but you are not
> restricted to this user, you can use any user that is a member of
> 'Domain Admins', for instance.
>>   We have a lot of scripts based on "ldapsearch" (without
>> authentification) and "ldapmodify" (with ldap authentification). It
>> would be very unpleasant if we can not use the scripts with SambaAD.
> They should work, but you may not need all of them, Samba comes with
> 'samba-tool' and you can use this to maintain user & groups etc.

AD LDAP requires auth for search... so your ldapsearch calls should fail

you can try to set auth info in .ldaprc (see man ldap.conf BINDDN)
> Rowland

More information about the samba mailing list