samba - May 2025 - LDAP + SSSD + Winbind group membership updating

On Fri, 16 May 2025 18:41:27 +0300
Alex Moz via samba <samba at lists.samba.org> wrote:
> I broke my head trying to solve the LDAP group membership updating 
> issue. I need help.
> 
> ###### Description
> I've configured OpenLDAP + SSSD + Winbind + Samba 4.21.5 on Fedora 41.
Why ?
Why not use AD ?

Are you aware that sssd and winbind do much the same thing ?

What is your reason for using Openldap with Samba (which sounds
suspiciously like a PDC, which requires SMBv1) ? 

Rowland

On 2025-05-16 19:25, Rowland Penny via samba wrote:
> On Fri, 16 May 2025 18:41:27 +0300
> Alex Moz via samba <samba at lists.samba.org> wrote:
> 
>> I broke my head trying to solve the LDAP group membership updating
>> issue. I need help.
>> 
>> ###### Description
>> I've configured OpenLDAP + SSSD + Winbind + Samba 4.21.5 on Fedora
41.
> 
> Why ?
> Why not use AD ?
> 
> Are you aware that sssd and winbind do much the same thing ?
> 
> What is your reason for using Openldap with Samba (which sounds
> suspiciously like a PDC, which requires SMBv1) ?
> 
> Rowland
There is a really good reason. I try to create my own pet project for 
ACL orchestration. It's based on samba, openldap and a few of own 
middleware components. So it requires dynlist modules of the openldap 
and also use entries (users, groups, nested groups) both local and 
imported from AD (even form multiple AD forests) simultaneously. So 
there is only one trouble I faced with, which I described above. Could 
you suggest some thoughts/ways w/o AD? AD will not allow me to go 
further.