Philippe Maladjian
2022-Dec-06 07:48 UTC
[Samba] Use the samba AD database from a web or other application
Hi there,

Currently I have a samba 3.5.x in NT4 mode with an ldap backend. I perform several tests to migrate to samba 4 in AD mode.

To simplify migration and management over time, I no longer want to use the ldap backend. My problem is that I have different applications (firewall, internal web...) which use the ldap database for the user account part.

For the moment I have not found any documentation or example explaining how to query the samba 4 user base from an external application.

Is it doable? If yes, how?

Thanks in advance.
Philippe

--
Regards,

Philippe Maladjian
IT Manager
Direct line: +33 (0)4 72 14 50 66

HILAIRE s.a.s.
203 - 205 rue Jean Voillot, 69100 Villeurbanne - France
Tel.: +33 (0)4 72 37 58 23 - Fax: +33 (0)4 78 26 02 03
https://hilaire.fr
Kees van Vloten
2022-Dec-06 08:54 UTC
[Samba] Use the samba AD database from a web or other application
On 06-12-2022 at 08:48, Philippe Maladjian via samba wrote:
> Hi there,
>
> Currently I have a samba 3.5.x in NT4 mode with an ldap backend. I
> perform several tests to migrate to samba 4 in AD mode.
>
> To simplify migration and management over time, I no longer want to use
> the ldap backend. My problem is that I have different applications
> (firewall, internal web...) which use the ldap database for the user
> account part.
>
> For the moment I have not found any documentation or example explaining
> how to query the samba 4 user base from an external application.
>
> Is it doable? If yes, how?

Sure, with LDAP queries it is easy to get users, groups etc. or to check (nested) membership of a group.

Samba 4 (DC) acts as an Active Directory domain controller. Active Directory is a combination of mainly Kerberos and LDAP. Kerberos is really handy for authentication and SSO, LDAP more for authorization, user information etc.

> Thanks in advance.
> Philippe
Rowland Penny
2022-Dec-06 08:58 UTC
[Samba] Use the samba AD database from a web or other application
On 06/12/2022 07:48, Philippe Maladjian via samba wrote:
> Hi there,
>
> Currently I have a samba 3.5.x in NT4 mode with an ldap backend. I
> perform several tests to migrate to samba 4 in AD mode.

Samba 3.5.x went EOL nearly 10 years ago.

> To simplify migration and management over time, I no longer want to use
> the ldap backend.

You will not be able to use Samba with ldap in the near future. Samba is working on removing SMBv1 and it is required for an NT4-style domain, so no SMBv1, no NT4-style domain.

> My problem is that I have different applications
> (firewall, internal web...) which use the ldap database for the user
> account part.

How are they using Samba at the moment: ldap queries, via nsswitch or something else? They will all work pretty much in the same way and you will also be able to bring kerberos into the mix.

> For the moment I have not found any documentation or example explaining
> how to query the samba 4 user base from an external application.
>
> Is it doable? If yes, how?

Yes, and have you read the Samba wiki: https://wiki.samba.org/index.php/Main_Page

Rowland
Marco Gaiarin
2022-Dec-24 16:02 UTC
[Samba] Use the samba AD database from a web or other application
Hello! Philippe Maladjian via samba
  On that day it was said...

> Is it doable? If yes, how?

Yes. Roughly exactly as you do with LDAP (I suppose OpenLDAP).

The only main difference is that AD normally uses an authenticated user to access the LDAP tree, so you need to set up a user (and password) and add it to your LDAP code. No 'anonymous access', shortly.

--
  If you teach a child to program in some computer language, this logical
  exercise will make them master and not slave of the computer. (Umberto Eco)
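
Added example, not code from any poster in this thread: a sketch of what the replies describe, an authenticated (non-anonymous) LDAPS bind followed by a nested group membership check, with the login escaped before it goes into the filter. The host name, DNs, CA file and function names are hypothetical, the third-party `ldap3` library is assumed to be installed, and the DC is assumed to support the AD in-chain matching rule.

```python
import ssl

# OID of AD's LDAP_MATCHING_RULE_IN_CHAIN: evaluates memberOf transitively,
# so members of groups nested inside the target group also match.
IN_CHAIN = "1.2.840.113556.1.4.1941"

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(login):
    """Filter matching exactly one person account by sAMAccountName."""
    return ("(&(objectCategory=person)(objectClass=user)"
            "(sAMAccountName=%s))" % escape_filter_value(login))

def nested_member_filter(login, group_dn):
    """Filter matching the user only if they are in group_dn, directly or nested."""
    return ("(&(objectCategory=person)(objectClass=user)"
            "(sAMAccountName=%s)(memberOf:%s:=%s))"
            % (escape_filter_value(login), IN_CHAIN,
               escape_filter_value(group_dn)))

def is_member(dc_host, ca_file, bind_dn, bind_password, base_dn, login, group_dn):
    """Bind as a dedicated service account over LDAPS and test membership."""
    # An empty password turns a simple bind into an unauthenticated bind,
    # so refuse it here instead of relying on the server to reject it.
    if not bind_password:
        raise ValueError("service account password must not be empty")
    from ldap3 import Server, Connection, Tls  # third-party, imported lazily
    tls = Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
    server = Server(dc_host, port=636, use_ssl=True, tls=tls)
    with Connection(server, user=bind_dn, password=bind_password,
                    auto_bind=True) as conn:
        conn.search(base_dn, nested_member_filter(login, group_dn),
                    attributes=["sAMAccountName"])
        return len(conn.entries) == 1

if __name__ == "__main__":
    # Constructed sample values; no network access happens here.
    print(user_filter("pmaladjian"))
    print(nested_member_filter("pmaladjian",
                               "CN=VPN Users,OU=Groups,DC=example,DC=com"))
    print(user_filter("*)(sAMAccountName=*"))  # hostile input stays inert
```

The service account used for the bind only needs read access to the directory; keeping it out of privileged groups limits what a leaked application config exposes.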