Andrew Martin
2012-Aug-27 21:42 UTC
[Samba] Support for Linux Authentication with Samba4's Internal LDAP Server
Hello,

This topic has been touched on in the past, but I'd like to ask for additional clarification on the structure of the internal LDAP server that Samba4 provides. I currently am using OpenLDAP for authenticating Linux servers and a number of web-based services. I also use Samba 3 for presenting shares to Windows users, but it maintains a separate password database. I would like to migrate to a single sign-on, ideally using Samba4. I use the inetOrgPerson schema for users ( http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/objectclass/inetOrgPerson.html ) and the posixGroup schema for groups ( http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/objectclass/posixGroup.html ). Does the internal LDAP server in Samba4 support these schemas? I don't mind writing some scripts to manually populate/update additional fields as needed, but need to know that services which expect a regular LDAP server would be able to utilize the Samba4 one?

Thanks,

Andrew Martin
Andrew Bartlett
2012-Aug-28 08:32 UTC
[Samba] Support for Linux Authentication with Samba4's Internal LDAP Server
On Mon, 2012-08-27 at 16:42 -0500, Andrew Martin wrote:
> Hello,
>
> This topic has been touched on in the past, but I'd like to ask for
> additional clarification on the structure of the internal LDAP server
> that Samba4 provides. I currently am using OpenLDAP for authenticating
> Linux servers and a number of web-based services. I also use Samba 3
> for presenting shares to Windows users, but it maintains a separate
> password database. I would like to migrate to a single sign-on,
> ideally using Samba4. I use the inetOrgPerson schema for users
> ( http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/objectclass/inetOrgPerson.html )
> and the posixGroup schema for groups
> ( http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/objectclass/posixGroup.html ).
> Does the internal LDAP server in Samba4 support these schemas? I don't
> mind writing some scripts to manually populate/update additional fields
> as needed, but need to know that services which expect a regular LDAP
> server would be able to utilize the Samba4 one?

You should be able to use both of those, and do a simple bind against Samba4 for password validation.

You can even avoid using a DN for the simple bind; we also accept user@realm and domain\user as the 'DN'.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
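
The simple bind described in the reply above, as an added example that is not part of the original thread and is not Samba code: Python that builds the RFC 4511 BindRequest a client sends, with the name field carrying a DN, a user@realm or a domain\user value. The account names, the password and the `classify_bind_name` heuristic are assumptions of this example.

```python
# Added example: RFC 4511 simple BindRequest as a client would send it.
# Account names and the password used with it are constructed sample values.

def _ber(tag: int, payload: bytes) -> bytes:
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + payload

def _ber_int(value: int) -> bytes:
    """Encode a non-negative INTEGER (leading 0x00 keeps it positive)."""
    return _ber(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def classify_bind_name(name: str) -> str:
    """Heuristic of this example (not Samba's parser): which of the three
    forms named in the reply does a bind name use?"""
    if "=" in name:
        return "dn"
    domain, sep, user = name.partition("\\")
    if sep and domain and user:
        return "domain\\user"
    user, sep, realm = name.partition("@")
    if sep and user and realm:
        return "user@realm"
    raise ValueError(f"unrecognised bind name form: {name!r}")

def build_simple_bind(message_id: int, name: str, password: str) -> bytes:
    """Return the LDAPMessage bytes for a version 3 simple bind."""
    classify_bind_name(name)  # reject names in none of the three forms
    if not password:
        # RFC 4513 5.1.2: a name with an empty password is an
        # unauthenticated bind, which a server may answer with success.
        raise ValueError("empty password must never be sent to the server")
    bind_request = _ber(0x60,                      # [APPLICATION 0] BindRequest
                        _ber_int(3)                # version
                        + _ber(0x04, name.encode("utf-8"))       # name (LDAPDN)
                        + _ber(0x80, password.encode("utf-8")))  # simple [0]
    return _ber(0x30, _ber_int(message_id) + bind_request)

if __name__ == "__main__":
    for who in ("CN=alice,CN=Users,DC=example,DC=com",
                "alice@EXAMPLE.COM", "EXAMPLE\\alice"):
        pdu = build_simple_bind(1, who, "s3cret")
        print(classify_bind_name(who), pdu.hex())
```

The password bytes sit unencrypted inside the PDU, so a simple bind belongs only on an ldaps:// or StartTLS connection.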