[Samba] Sync'ing Samba LDAP with MySQL?

Rowland penny rpenny at samba.org
Wed Nov 18 22:16:43 UTC 2020

On 18/11/2020 21:51, Dan Egli via samba wrote:
> Hey all. I started asking about this about a week ago, then got so sick I could hardly get out of bed. Now that I'm basically recovered (and no, it wasn't Covid, thank goodness), I want to pick up where I left off. I'm about to provision the samba domain for my test setup. As long as that works, the next step is to ensure that information in Samba's LDAP database is properly replicated to a MySQL database that the MDA & MTA read, and vice versa. I can't simply configure both to read the openLDAP files because of 3rd party software that would integrate with MySQL, making MySQL a requirement. However, I don't want to risk things getting out of sync, where a user I created in samba doesn't have a valid email account, or a user I deleted DOES have a valid email account. And if a user changes their password on their own on one side, I need to make sure the change is copied to the other side.
> I'm perfectly content to write my own solution if needed, but I have no clue how to go about accessing Samba's LDAP information to read/write. If someone could either point me to a solution that would fix this for me, or at least point me to where I can read up on what the expected schema and authentication rules are, I'd appreciate it a great deal.
> Thanks all!
I think you are heading for a world of pain; can you not find another 
mailserver that will work with AD, or, failing that, find another 3rd 
party that doesn't need SQL?

Having said that, yes, you can extend the AD schema, but it is a one-way 
street (a bit like the Hotel California): you can add to the schema, but 
you cannot remove anything from the schema. See here: 

You will have to write your own scripts to sync the AD contents to an 
external database; this will not be trivial, especially when you cannot 
read the users' passwords over the wire and will have to use something 
like this:


I hope you can read French, if not, try Google translate.

Keeping everything in sync will be a nightmare, it will probably be 
easier to use a different mail server.
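As an added illustration of the "write your own sync script" step Rowland describes (this is not code from the thread, from Samba, or from any mail server; it is an example written for this page), the block below reconciles a list of AD user entries against a mail-system user table. The AD rows mimic the attributes an LDAP search of a Samba AD DC returns (`objectGUID`, `sAMAccountName`, `mail`, `userAccountControl`); the SQL rows and the `mail_users` table layout are assumptions. Keying on `objectGUID` means a rename becomes an update rather than a delete plus create, and, in line with the point that passwords cannot be read over the wire, no credential ever enters the plan: the mail side is expected to authenticate against AD instead of holding a copy.

```python
"""Reconcile Samba AD user entries with a mail-system SQL user table.

Hypothetical example: the AD entries below mimic what an LDAP search of a
Samba AD DC returns, and the SQL rows mimic a mail system's user table.
Nothing here talks to a real directory or database; the sample data is
constructed for the example.
"""
from dataclasses import dataclass, field

ACCOUNTDISABLE = 0x0002  # userAccountControl bit meaning "account disabled"

# What a real fetch would ask the DC for (assumption: an LDAP client such as
# ldap3). Computer accounts also carry objectClass=user, so they are excluded.
AD_USER_FILTER = "(&(objectClass=user)(!(objectClass=computer)))"
AD_ATTRIBUTES = ["objectGUID", "sAMAccountName", "mail", "userAccountControl"]


@dataclass
class SyncPlan:
    create: list = field(default_factory=list)  # AD users missing from SQL
    delete: list = field(default_factory=list)  # SQL GUIDs no longer in AD
    update: list = field(default_factory=list)  # (guid, changed columns)


def ad_to_mail_row(entry):
    """Map one AD entry to the columns kept in the (assumed) mail_users table.

    No password field exists on purpose: unicodePwd is not readable over
    LDAP, so the mail system must authenticate against AD, not a copy.
    """
    uac = int(entry.get("userAccountControl", 0))
    return {
        "guid": entry["objectGUID"],
        "login": entry["sAMAccountName"].lower(),
        "email": (entry.get("mail") or "").lower(),
        "enabled": not (uac & ACCOUNTDISABLE),
    }


def plan_sync(ad_entries, sql_rows):
    """Diff AD (the source of truth) against the SQL table, keyed on objectGUID."""
    wanted = {}
    for entry in ad_entries:
        row = ad_to_mail_row(entry)
        if not row["email"]:  # accounts without a mail attribute are not mail users
            continue
        wanted[row["guid"]] = row
    current = {row["guid"]: row for row in sql_rows}
    plan = SyncPlan()
    for guid, row in wanted.items():
        if guid not in current:
            plan.create.append(row)
            continue
        changes = {k: v for k, v in row.items() if current[guid].get(k) != v}
        if changes:
            plan.update.append((guid, changes))
    plan.delete.extend(guid for guid in current if guid not in wanted)
    return plan


def plan_to_statements(plan):
    """Render the plan as parameterised SQL (assumed table: mail_users).

    Column names in UPDATE come from ad_to_mail_row's fixed key set, never
    from directory data, so the f-string cannot be influenced by an entry.
    """
    stmts = []
    for row in plan.create:
        stmts.append((
            "INSERT INTO mail_users (guid, login, email, enabled) VALUES (%s, %s, %s, %s)",
            (row["guid"], row["login"], row["email"], row["enabled"]),
        ))
    for guid, changes in plan.update:
        cols = ", ".join(f"{col} = %s" for col in changes)
        stmts.append((f"UPDATE mail_users SET {cols} WHERE guid = %s",
                      (*changes.values(), guid)))
    for guid in plan.delete:
        stmts.append(("DELETE FROM mail_users WHERE guid = %s", (guid,)))
    return stmts


# Constructed sample data: four AD users (one disabled, one without mail,
# one new) and three existing mail rows (one user since deleted from AD).
SAMPLE_AD_ENTRIES = [
    {"objectGUID": "g-alice", "sAMAccountName": "alice", "mail": "alice@example.com", "userAccountControl": 512},
    {"objectGUID": "g-bob", "sAMAccountName": "Bob", "mail": "bob@example.com", "userAccountControl": 514},
    {"objectGUID": "g-carol", "sAMAccountName": "carol", "userAccountControl": 512},
    {"objectGUID": "g-dave", "sAMAccountName": "dave", "mail": "dave@example.com", "userAccountControl": 512},
]
SAMPLE_SQL_ROWS = [
    {"guid": "g-alice", "login": "alice", "email": "alice@example.com", "enabled": True},
    {"guid": "g-bob", "login": "bob", "email": "bob@example.com", "enabled": True},
    {"guid": "g-erin", "login": "erin", "email": "erin@example.com", "enabled": True},
]

if __name__ == "__main__":
    for sql, params in plan_to_statements(plan_sync(SAMPLE_AD_ENTRIES, SAMPLE_SQL_ROWS)):
        print(sql, params)
```

Run stand-alone it prints one INSERT (dave), one UPDATE (bob becomes disabled, because bit 0x2 is set in his userAccountControl) and one DELETE (erin, who no longer exists in AD). A real script would feed `AD_USER_FILTER` and `AD_ATTRIBUTES` to an LDAP search against the DC, run the statements inside one transaction, and be scheduled on a short interval; the direction is one way, AD to SQL, which avoids the two-way conflict problem the original question raises.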
