Bachmann, Philipp
2022-Jun-14 18:56 UTC
[Samba] Options integrating Samba AD DC with Identity Management systems?

Dear Samba community,

from time to time the question pops up whether it has become possible to run a Samba Active Directory Domain Controller on top of an existing LDAP backend, e.g. OpenLDAP. I know that there was a project from Symas which provided an "--ldap-backend-type" option to "samba-tool domain" (https://github.com/Symas/samba/blob/master/python/samba/netcmd/domain.py), but this has not been updated for a long time.

So: I'd be glad to know whether there is some way to use an existing LDAP server. My main motivation is not to use an LDAP server in the first place, but to maintain a central, authoritative database of users; so to ask my question in a more abstract way: What is the recommended way to use Samba AD DC in a heterogenous environment? Can I e.g. feed Samba with identities from an identity management system (that will also feed other systems used for authentication and authorization like OpenLDAP, FreeIPA etc. to be used by non-Windows-systems)?

Any help will be appreciated!

Cheers
Philipp

Rowland Penny
2022-Jun-14 19:07 UTC
[Samba] Options integrating Samba AD DC with Identity Management systems?

On Tue, 2022-06-14 at 20:56 +0200, Bachmann, Philipp via samba wrote:
> Dear Samba community,
>
> from time to time the question pops up whether it has become possible
> to run a Samba Active Directory Domain Controller on top of an existing
> LDAP backend, e.g. OpenLDAP. I know that there was a project from Symas
> which provided an "--ldap-backend-type" option to "samba-tool domain"
> (https://github.com/Symas/samba/blob/master/python/samba/netcmd/domain.py),
> but this has not been updated for a long time.

The use of LDAP as the backend for Samba AD never came to anything and very probably never will.

> So: I'd be glad to know whether there is some way to use an existing
> LDAP server. My main motivation is not to use an LDAP server in the
> first place, but to maintain a central, authoritative database of
> users; so to ask my question in a more abstract way: What is the
> recommended way to use Samba AD DC in a heterogenous environment? Can I
> e.g. feed Samba with identities from an identity management system
> (that will also feed other systems used for authentication and
> authorization like OpenLDAP, FreeIPA etc. to be used by
> non-Windows-systems)?
>
> Any help will be appreciated!
>
> Cheers
> Philipp

You could use trusts, but why not just use Samba AD as an IDM?

Rowland