[Samba] Options integrating Samba AD DC with Identity Management sytems?

Rowland Penny rpenny at samba.org
Tue Jun 14 19:07:38 UTC 2022


On Tue, 2022-06-14 at 20:56 +0200, Bachmann, Philipp via samba wrote:
> Dear Samba community,
> 
> from time to time the question pops up whether it has become possible
> to
> run a Samba Active Directory Domain Controller on top of an existing
> LDAP backend, e.g. OpenLDAP. I know that there was a project from
> Symas
> which provided an "--ldap-backend-type" option to "samba-tool domain"
> (
> https://github.com/Symas/samba/blob/master/python/samba/netcmd/domain.py
> ),
> but this has not been updated for a long time.

The use of ldap as the backend for Samba AD never came to anything and
very probably never will.

> 
> So: I'd be glad to know whether there is some way to use an existing
> LDAP server. My main motivation is not to use an LDAP server in the
> first place, but to maintain a central, authoritative database of
> users;
> so to ask my question in a more abstract way: What is the recommended
> way to use Samba AD DC in a heterogenous environment—can I e.g. feed
> Samba with identities from an identity management system (that will
> also
> feed other systems used for authentication and authorization like
> OpenLDAP, FreeIPA etc. to be used by non-Windows-systems)?
> 
> Any help will be appreciated!
> 
> Cheers
> Philipp

You could use trusts, but why not just use Samba AD as an IDM ?

Rowland





More information about the samba mailing list