[Samba] helping to implement samba 4 AD with ldap backend

Rowland penny rpenny at samba.org
Wed Jul 15 19:44:27 UTC 2020

On 15/07/2020 20:19, jmpatagonia via samba wrote:
> Hello Rowland the problem is more complex, because we have 13
> software/services/api linked to ldap repository on a production
> environment, we try to use one single user/password for everything, and it
> works.
> We update samba 2 or 3 years ago, but we found that samba 4 -ad is that
> moment is using a bult-in ldap, so we discard this option, because using
> this ldap implied same that as now reconfigure all 13 software, import
> schemas, adapt backups process, monitoring process, change ips, etc. So we
> discard this option because it is a lot of work, and we think is not
> compensates change everything just for samba. So in that memento use just
> the last samba 4 available.
> We have ad hoc classes, properties, on ldap in addition to samba/zentyal
> schemas.
> So in this case we are thinking of installing a new fresh samba 4-ad,
> importing all existing users/computers/passwords, redeveloping our
> interface to update users/passwd on both repositories.
> We don't understand why samba decides to use a builtin ldap and discard
> external ldap, is very annoying because in productions and largest
> environments need a lot off work and implies maintenance other ldap.
> Regards.
Samba AD is based on Microsoft AD, so it has to be compatible with that, 
initially Samba tried to use openldap, but from my understanding (it was 
before my time) it just couldn't be made to work. I also understand that 
for at least the last 8 years, there has been work (on and off) to try 
and get Samba AD to work with openldap, but to no success.

It is of course your decision, but I would investigate if is possible to 
use Samba AD as a base for your system, you may find that some of the 
adaptions to your existing can work with AD (they may already be there) 
and that you can extend the schema to cope with the rest.


More information about the samba mailing list