integration of samba pdc with ldap backend into kolab

Jan Kowalsky jankow at datenkollektiv.net
Tue Nov 22 23:35:12 CET 2016



Am 21.11.2016 um 19:16 schrieb Geoff Nordli:
> 
> 
> On 2016-11-21 06:34 AM, Carlos R Laguna wrote:
>> El 17/11/16 a las 19:53, Geoff Nordli escribió:
>>>
>>> On 2016-11-17 02:49 PM, Jan Kowalsky wrote:
>>>> Hi all,
>>>>
>>>> since I was not very happy with the available possibilities for a
>>>> simple
>>>> management of a samba pdc (not AD) I thought about to integrate such a
>>>> management feature into kolab / kolab-webadmin. There are of course
>>>> some
>>>> ready made distributions like clearos, ucs or freeipa - but they are
>>>> heavy and do not fit all the time in an existing environment. But the
>>>> main point: they are mostly not integrated into a groupware. I tried
>>>> the
>>>> ldap account manager - but in the open source version it doesn't go
>>>> together with kolab because it doesn't support groupofuniquenames.
>>>>
>>>> So I did the following steps:
>>>>
>>>>    * import the samba ldap schema into 389-ds (why isn't it by
>>>> default?)
>>>>    * added a kolab user type with all the necessary samba attributes
>>>>    * configured the ldap aci for enable self writing of some attributes
>>>>    * did some simple changes in kolab webadmin for syncing samba
>>>>      passwords and getting samba domain configuration from
>>>>      kolab.conf
>>>>
>>>> While I did the provisioning of the samba domain with the samba-ldap
>>>> tools, in the result we can now manage users and groups easily from the
>>>> kolab webadmin.
>>>>
>>>> What do you think? Is it worth to share this in any howto? Do other
>>>> people still use samba pdc? Would it make sense to integrate this in
>>>> the
>>>> kolab-webadmin code?
>>>>
>>>> Best regards
>>>> Jan
>>>> _______________________________________________
>>>> users mailing list
>>>> users at lists.kolab.org
>>>> https://lists.kolab.org/mailman/listinfo/users
>>>
>>> Hi Jan.
>>>
>>> Yes, that would be very helpful.  I am just embarking on setting up a
>>> new system with Samba 4 as an Active Directory DC and will also be
>>> deploying Kolab 16.1 when it becomes available.
>>>
>>> thanks,
>>>
>>> Geoff
>>>
>>>
>>> _______________________________________________
>>> users mailing list
>>> users at lists.kolab.org
>>> https://lists.kolab.org/mailman/listinfo/users
>>>
>> Hi Geoff,
>>
>> Last time i check samba4 does not use ldap as backend anymore, how
>> would you plan to use samba4 as kolab primary backend ?
>>
>>
> 
> Hi Carlos.
> 
> It has been a while since I have done samba work.  I haven't used Samba4
> yet and I didn't know it shipped with its own internal ldap server.
> 
> Have you tried integrating the two together?
> 
> It seems like I will have to create two silos, or maybe look at using
> the older 3.x version.

Hi Goff,

as Carlos wrote, it's not possible to use an external ldap backend for
samba4 - if you use it as an AD. But if a PDC is sufficiant it works. So
- to avoid misunderstandings - it's samba4 - but not with AD. My
question was indeed related to this point: how people use samba.
Primarily as AD replacement - or still with less functionality as PDC.

If you need AD, there have been some earlier posts on the list with the
suggestion to use sync tools like LSC.

Regard
Jan


More information about the users mailing list