>This still will not work, just port your users etc to AD and use this >instead. > >Do you use OpenDJ for anything other than authentication ? >If so, what ? > >RowlandHi Rowland, Thank you very much for the response. The OpenDJ is for user authentication and also user profile. Understand that Samba AD is unable to delegate authentication to an external source. We'll see how we can proceed with this info. Thank you! Best regards, Wong Kee Wee
On Sat, 2017-08-12 at 16:44 +0800, Wong Kee Wee via samba wrote:> > This still will not work, just port your users etc to AD and use this > > instead. > > > > Do you use OpenDJ for anything other than authentication ? > > If so, what ? > > > > Rowland > > Hi Rowland, > > Thank you very much for the response. > > The OpenDJ is for user authentication and also user profile. > > Understand that Samba AD is unable to delegate authentication to an external source. We'll see how we can proceed with this info.We realise it is frustrating, but the protocols give us little choice: we (Samba) have to be the authentication source. I wish you the best with you migration. See also the password sync support, which may assist if you need to keep a legacy system in sync. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
On Sat, 12 Aug 2017 16:44:14 +0800 (SGT) Wong Kee Wee via samba <samba at lists.samba.org> wrote:> >This still will not work, just port your users etc to AD and use > >this instead. > > > >Do you use OpenDJ for anything other than authentication ? > >If so, what ? > > > >Rowland > > Hi Rowland, > > Thank you very much for the response. > > The OpenDJ is for user authentication and also user profile. > > Understand that Samba AD is unable to delegate authentication to an > external source. We'll see how we can proceed with this info. >Then you do not need OpenDJ, which, from my cursory investigation, doesn't seem to get patched between versions (unless you pay for it). A Samba 4 AD will do everything that OpenDJ seems to do (and probably more). It will definitely do what you are doing now and is updated regularly for free. Rowland
>We realise it is frustrating, but the protocols give us little choice: >we (Samba) have to be the authentication source. > >I wish you the best with you migration. See also the password sync >support, which may assist if you need to keep a legacy system in sync. > >Andrew BartlettHi Andrew and Rowland, Thank you very much for your great help :)