samba - Mar 2014 - Samba3 to Samba4 migration: Databases and backend.

Hi!

We're currently in the process of evaluating an upgrade from our current
setup (Samba3 with Kerberos/OpenLDAP and Bind), to Samba4.

When we started reading about the migration process, we were led to believe that
OpenLDAP wasn't fully supported in Samba4, and thus decided to use
Samba4's builtin solution.
Then upon reading the How-To on the Wiki, the "Migrating from LDAP
backend" section shows how to migrate the database into another OpenLDAP
database using slapcat and slapadd.
Information on multiple forum threads seem to contradict itself more than once.
Is OpenLDAP really not the way to go anymore, or is the information stating it
is somewhat deprecated too old?
Is there any downside as to use OpenLDAP with Samba4 (such as the inability to
use GPOs on our Windows clients)?

Since we were not sure about the previous, we decided to try an upgrade in our
test environment, and stick with Samba4's builtin database.
Is there a way to import our user and group data from our previous OpenLDAP
database into Samba4's builtin database?
I have seen a ldbadd tool which I believe might be what I am looking for,
although my attempts at importing the data from my LDIF file have proven
unsuccessful.

We would like to be able to migrate from Samba3 to Samba4 while preserving our
user information, including passwords. Is it possible to do so from our current
setup to Samba4?
Being able to aggregate all the necessary services under Samba4 has a lot of
appeal, but I am not sure as how I should proceed.

I have just begun working with Samba and LDAP, and therefore I am sorry if my
questions might seem obvious, but I am trying to make sense of it all.

Thank you for any help you can provide!


Alexandre

On Mon, 2014-03-03 at 17:16 -0500, Alexandre Beauclair
wrote:
> Hi!
> 
> We're currently in the process of evaluating an upgrade from our
current setup (Samba3 with Kerberos/OpenLDAP and Bind), to Samba4.
> 
> When we started reading about the migration process, we were led to believe
that OpenLDAP wasn't fully supported in Samba4, and thus decided to use
Samba4's builtin solution.
> Then upon reading the How-To on the Wiki, the "Migrating from LDAP
backend" section shows how to migrate the database into another OpenLDAP
database using slapcat and slapadd.
> Information on multiple forum threads seem to contradict itself more than
once.
> Is OpenLDAP really not the way to go anymore, or is the information stating
it is somewhat deprecated too old?
> Is there any downside as to use OpenLDAP with Samba4 (such as the inability
to use GPOs on our Windows clients)?
Can you give me the links you found to be confusing?  I would like to
clarify them.
> Since we were not sure about the previous, we decided to try an upgrade in
our test environment, and stick with Samba4's builtin database.
> Is there a way to import our user and group data from our previous OpenLDAP
database into Samba4's builtin database?
The tool is 'samba-tool domain classicupgrade'.  See
https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO

This handles users, groups and passwords.  We would like to see this
tool extended to handle other attributes often set in LDAP, either by
somehow invoking the samba3sam ldb module (it is a mapping module we
have already written), or (perhaps more flexibly) invoking a easily
modified mapping function on the python script.

It would be desirable if we could also have a test for this mode of
operation, to ensure it does not encounter regressions. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba