HolyTaint
2022-Mar-17 20:54 UTC
[Samba] Protocol differences between RFC and Active Directory?
What are the protocol differences between RFC LDAP and Active Directory LDAP implementation that make hard if not impossible having OpenLDAP taking samba role as AD LDAP interface? Ex, single common name, then?
Andrew Bartlett
2022-Mar-17 21:26 UTC
[Samba] Protocol differences between RFC and Active Directory?
On Thu, 2022-03-17 at 21:54 +0100, HolyTaint via samba wrote:> What are the protocol differences between RFC LDAP and Active > Directory LDAP implementation that make hard if not impossible having > OpenLDAP taking samba role as AD LDAP interface? > Ex, single common name, then?There are a lot. The thing that trips up most is authenticated by default, but the schema is just different, the typical layouts are different. If there are particular niggles that really annoy, we could take patches provided they don't break AD behaviour, eg accepting the OpenLDAP password change control. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions
Michael Wandel
2022-Mar-18 07:26 UTC
[Samba] Protocol differences between RFC and Active Directory?
Hi, there are some interesting talks on the ldapcon conference in the past on this challenge. https://ldapcon.org/2019/wp-content/events/presentations/ni_samba_backend.pdf and some infos about ldap extended controls and more from ms https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/3c5e87db-4728-4f29-b164-01dd7d7391ea best regards Michael Am 17.03.22 um 21:54 schrieb HolyTaint via samba:> What are the protocol differences between RFC LDAP and Active Directory LDAP implementation that make hard if not impossible having OpenLDAP taking samba role as AD LDAP interface? > Ex, single common name, then? >-- mit vielen Gr??en Michael Wandel 33647 Bielefeld Braakstr. 43 Mail: m.wandel at t-online.de