[Samba] samba's ldap

Rowland penny rpenny at samba.org
Sun Nov 8 10:06:16 UTC 2020

On 08/11/2020 07:13, Dan Egli via samba wrote:
> On Sunday, November 08, 2020 12:00 AM MST, Andrew Bartlett <abartlet at samba.org> wrote:
>> On Sun, 2020-11-08 at 06:45 +0000, Dan Egli via samba wrote:
>>> Since samba doesn't use openldap for AD DC mode, is it possible to directly read from/write to samba's LDAP from 3rd party programs? I want to ensure that I can keep user information consistent across multiple databases.
>> Yes, just like an OpenLDAP server, you can access our LDAP server.  The
>> big differences are:
>> - the AD schema and layout
>> - authentication is required for all operations.
> Since I've never used LDAP before, can you point me to a good source for the schema and how to access data within it?  I understand things like MySQL easy enough. But since I need to reconcile data between MySQL and Samba's LDAP, I need to be sure I understand how Samba's LDAP is laid out and how you'd access it externally.
> Thanks!

The LDAP that a Samba AD DC uses operates in a similar way to OpenLDAP 
and can be accessed with the same tools: ldapsearch, python-ldap etc. 
Samba does come with its own version of the ldap-utils (ldbsearch etc.); 
these work like the ldap tools, but with a few more options.

One difference is that you can have a user in multiple OUs in OpenLDAP. 
This is not allowed in AD: all user names have to be unique.

It might be easier to explain this if you give an example of what you 
want to store in AD and how you connect to it now.
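
The reconciliation the original question asks about, as an added example that is not part of the original thread: it parses LDIF text of the kind ldapsearch or ldbsearch prints and compares it with users held on the SQL side. The sample LDIF, the DNs and addresses, and the names `parse_ldif`, `reconcile` and `SQL_USERS` are constructed for illustration.

```python
import base64

# Constructed sample of LDIF output for two AD users (all values are made up).
SAMPLE_LDIF = """\
# constructed record, comments like this one are skipped
dn: CN=Alice Example,CN=Users,DC=samdom,DC=example,DC=com
sAMAccountName: alice
mail: alice@example.com
displayName:: QWxpY2Ugw4l4YW1wbGU=

dn: CN=Bob Example,OU=Staff,DC=samdom,DC=example,
 DC=com
sAMAccountName: bob
mail: bob@old.example.com
"""

# Constructed stand-in for rows read from a MySQL users table: login -> email.
SQL_USERS = {"alice": "alice@example.com", "bob": "bob@example.com",
             "carol": "carol@example.com"}

def parse_ldif(text):
    """Return a list of {attribute: [values]} dicts, one per LDIF record."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):       # drop comment lines
            lines.append(raw)
    records, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last record
        if line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: ..." carries a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current.setdefault(attr, []).append(value.strip())
        elif current:
            records.append(current)
            current = {}
    return records

def reconcile(sql_users, ldap_records):
    """Compare by login name; AD requires sAMAccountName to be unique."""
    ad = {r["sAMAccountName"][0]: r.get("mail", [])
          for r in ldap_records if "sAMAccountName" in r}
    missing = sorted(u for u in sql_users if u not in ad)
    mismatched = sorted(u for u, m in sql_users.items() if u in ad and m not in ad[u])
    return missing, mismatched
```

Against a live DC the LDIF text would come from an authenticated search, since the server requires authentication for all operations.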

