[Samba] Options integrating Samba AD DC with Identity Management sytems?

Zombie Ryushu zombie_ryushu at yahoo.com
Tue Jun 14 20:29:14 UTC 2022

On 6/14/22 15:07, Rowland Penny via samba wrote:
> On Tue, 2022-06-14 at 20:56 +0200, Bachmann, Philipp via samba wrote:
>> Dear Samba community,
>> from time to time the question pops up whether it has become possible
>> to
>> run a Samba Active Directory Domain Controller on top of an existing
>> LDAP backend, e.g. OpenLDAP. I know that there was a project from
>> Symas
>> which provided an "--ldap-backend-type" option to "samba-tool domain"
>> (
>> https://github.com/Symas/samba/blob/master/python/samba/netcmd/domain.py
>> ),
>> but this has not been updated for a long time.
> The use of ldap as the backend for Samba AD never came to anything and
> very probably never will.
>> So: I'd be glad to know whether there is some way to use an existing
>> LDAP server. My main motivation is not to use an LDAP server in the
>> first place, but to maintain a central, authoritative database of
>> users;
>> so to ask my question in a more abstract way: What is the recommended
>> way to use Samba AD DC in a heterogenous environment—can I e.g. feed
>> Samba with identities from an identity management system (that will
>> also
>> feed other systems used for authentication and authorization like
>> OpenLDAP, FreeIPA etc. to be used by non-Windows-systems)?
>> Any help will be appreciated!
>> Cheers
>> Philipp
> You could use trusts, but why not just use Samba AD as an IDM ?
> Rowland
Can I have more about what you are trying to do? Samba 4 can't be 
backended as an AD to other LDAP servers, but It can service other LDAP 

More information about the samba mailing list