
[Samba] Samba3 to Samba4 migration: Databases and backend.


Alexandre Beauclair

Mar 3, 2014, 5:16:43 PM
Hi!

We're currently in the process of evaluating an upgrade from our current setup (Samba3 with Kerberos/OpenLDAP and Bind), to Samba4.

When we started reading about the migration process, we were led to believe that OpenLDAP wasn't fully supported in Samba4, and thus decided to use Samba4's builtin solution.
Then upon reading the How-To on the Wiki, the "Migrating from LDAP backend" section shows how to migrate the database into another OpenLDAP database using slapcat and slapadd.
Information on multiple forum threads seems to contradict itself more than once.
Is OpenLDAP really not the way to go anymore, or is the information stating it is somewhat deprecated too old?
Is there any downside to using OpenLDAP with Samba4 (such as the inability to use GPOs on our Windows clients)?

Since we were not sure about the previous, we decided to try an upgrade in our test environment, and stick with Samba4's builtin database.
Is there a way to import our user and group data from our previous OpenLDAP database into Samba4's builtin database?
I have seen a ldbadd tool which I believe might be what I am looking for, although my attempts at importing the data from my LDIF file have proven unsuccessful.

We would like to be able to migrate from Samba3 to Samba4 while preserving our user information, including passwords. Is it possible to do so from our current setup to Samba4?
Being able to aggregate all the necessary services under Samba4 has a lot of appeal, but I am not sure as to how I should proceed.

I have just begun working with Samba and LDAP, and therefore I am sorry if my questions might seem obvious, but I am trying to make sense of it all.

Thank you for any help you can provide!


Alexandre
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Andrew Bartlett

Mar 3, 2014, 5:56:04 PM
On Mon, 2014-03-03 at 17:16 -0500, Alexandre Beauclair wrote:
> Hi!
>
> We're currently in the process of evaluating an upgrade from our current setup (Samba3 with Kerberos/OpenLDAP and Bind), to Samba4.
>
> When we started reading about the migration process, we were led to believe that OpenLDAP wasn't fully supported in Samba4, and thus decided to use Samba4's builtin solution.
> Then upon reading the How-To on the Wiki, the "Migrating from LDAP backend" section shows how to migrate the database into another OpenLDAP database using slapcat and slapadd.
> Information on multiple forum threads seems to contradict itself more than once.
> Is OpenLDAP really not the way to go anymore, or is the information stating it is somewhat deprecated too old?
> Is there any downside to using OpenLDAP with Samba4 (such as the inability to use GPOs on our Windows clients)?

Can you give me the links you found to be confusing? I would like to
clarify them.

> Since we were not sure about the previous, we decided to try an upgrade in our test environment, and stick with Samba4's builtin database.
> Is there a way to import our user and group data from our previous OpenLDAP database into Samba4's builtin database?

The tool is 'samba-tool domain classicupgrade'. See
https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO

This handles users, groups and passwords. We would like to see this
tool extended to handle other attributes often set in LDAP, either by
somehow invoking the samba3sam ldb module (it is a mapping module we
have already written), or (perhaps more flexibly) invoking an easily
modified mapping function on the python script.

It would be desirable if we could also have a test for this mode of
operation, to ensure it does not encounter regressions.

Andrew Bartlett

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

Alexandre Beauclair

Mar 4, 2014, 10:53:38 AM
Hi Andrew,

Thank you for the reply!


>The tool is 'samba-tool domain classicupgrade'. See
>https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
>
>This handles users, groups and passwords. We would like to see this
>tool extended to handle other attributes often set in LDAP, either by
>somehow invoking the samba3sam ldb module (it is a mapping module we
>have already written), or (perhaps more flexibly) invoking an easily
>modified mapping function on the python script.

Upon reading this, I found out I forgot to mention that our Samba4 installation will be on another new server.
If my understanding is correct, this tool is only used when doing an "in-place" upgrade?
Can it be used when trying to migrate the data to a new server as well?

What we are currently trying to do, is install Samba4 on a new server (we are using the SerNet packages), and then try to import all the necessary data from OpenLDAP, Kerberos and our DNS on it.
The thing is, we first installed the SerNet packages, and then it would appear there is a conflict when trying to install OpenLDAP, and it would not let us install it. It seems like sernet-samba-ad and openldap are mutually exclusive.

>Can you give me the links you found to be confusing? I would like to
>clarify them.

Sure thing!

https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO

Back when I started reading on the migration process, this is the first page I ran into. It mentioned a way to migrate from an OpenLDAP backend, and I thought it was supported since it was in the Samba Wiki. Then when I wasn't able to install OpenLDAP after getting the SerNet packages, I wondered how it would be possible to slapadd the backup.ldif file (since OpenLDAP wasn't there, hence no slapadd).

I then read in these links that using an OpenLDAP is not recommended.

https://wiki.samba.org/index.php/Samba4/LDAP_Backend
http://us.generation-nt.com/answer/samba-samba4-ldap-help-205468881.html
http://www.openldap.org/lists/openldap-technical/201308/msg00266.html

This is when we decided to stick with Samba4's builtin database, and wondered if importing the data from OpenLDAP would be possible. Now I realize some of this information might be out of date, but I'm not sure where to start to validate which is still valid or not.

What would then be the recommended way for us to proceed? We would simply want to consolidate everything under Samba4 on a new server while preserving the current data we have.

Thanks again for the help!

Alexandre Beauclair

Andrew Bartlett

Mar 4, 2014, 10:31:48 PM
On Tue, 2014-03-04 at 10:53 -0500, Alexandre Beauclair wrote:
> Hi Andrew,
>
> Thank you for the reply!
>
>
> >The tool is 'samba-tool domain classicupgrade'. See
> >https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
> >
> >This handles users, groups and passwords. We would like to see this
> >tool extended to handle other attributes often set in LDAP, either by
> >somehow invoking the samba3sam ldb module (it is a mapping module we
> >have already written), or (perhaps more flexibly) invoking an easily
> >modified mapping function on the python script.
>
> Upon reading this, I found out I forgot to mention that our Samba4 installation will be on another new server.
> If my understanding is correct, this tool is only used when doing an "in-place" upgrade?
> Can it be used when trying to migrate the data to a new server as well?

Yes. This is trivial for tdb-based installations, and harder for LDAP
based installs, because you have to get to LDAP.

> What we are currently trying to do, is install Samba4 on a new server
> (we are using the SerNet packages), and then try to import all the
> necessary data from OpenLDAP, Kerberos and our DNS on it.
> The thing is, we first installed the SerNet packages, and then it would
> appear there is a conflict when trying to install OpenLDAP, and it
> would not let us install it. It seems like sernet-samba-ad and
> openldap are mutually exclusive.

That is a packaging bug, or a need to understand installing but not
configuring a Debian package. I was surprised too when installing
slapd started it, but don't know my debian well enough to prevent
that.

While if both are running they would choose the same port, the way you want
to invoke slapd in this case is to run that before Samba starts for the
first time, preferably only on a unix domain socket.

> >Can you give me the links you found to be confusing? I would like to
> >clarify them.
>
> Sure thing!
>
> https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
>
> Back when I started reading on the migration process, this is the
> first page I ran into. It mentioned a way to migrate from an OpenLDAP
> backend, and I thought it was supported since it was in the Samba
> Wiki. Then when I wasn't able to install
> OpenLDAP after getting the Sernet Packages, I wondered how it would be
> possible to slapadd the backup.ldif file (since OpenLDAP wasn't there,
> hence no slapadd).
>
> I then read in these links that using an OpenLDAP is not recommended.
>
> https://wiki.samba.org/index.php/Samba4/LDAP_Backend
> http://us.generation-nt.com/answer/samba-samba4-ldap-help-205468881.html
> http://www.openldap.org/lists/openldap-technical/201308/msg00266.html
>
> This is when we decided to stick with Samba4's builtin database, and
> wondered if importing the data from OpenLDAP would be possible. Now I
> realize some of this information might be out of date, but I'm not
> sure where to start to validate which is still valid or not.

What in the
https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO page made you feel like importing from OpenLDAP wasn't supported? It seems pretty clear to me, so I'm at a loss how to improve it.

> What would then be the recommended way for us to proceed? We would simply want to consolidate everything under Samba4 on a new server while preserving the current data we have.

Figure out how to have slapd installed on your new system, or point the
smb.conf to your old LDAP server over ldaps://

Alexandre Beauclair

Mar 7, 2014, 2:08:40 PM
Hi Andrew,

Sorry for the last response, I have been quite busy.

>What in the
>https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO page made you feel like importing from OpenLDAP wasn't supported? It seems pretty clear to me, so I'm at a loss how to improve it.

I meant that the HOWTO page actually led me to believe it WAS supported, but the other 3 links did not, hence my confusion. Thanks for the clarification.

>Figure out how to have slapd installed on your new system, or point the
>smb.conf to your old LDAP server over ldaps://

I will try to do so, thank you!

Alexandre Beauclair

----- Original Message -----
From: "Andrew Bartlett" <abar...@samba.org>
To: "Alexandre Beauclair" <beauc...@lexum.com>
Cc: sa...@lists.samba.org
Sent: Tuesday, March 4, 2014 10:31:48 PM
Subject: Re: [Samba] Samba3 to Samba4 migration: Databases and backend.

Andrew Bartlett

Mar 8, 2014, 7:18:18 PM
On Fri, 2014-03-07 at 14:08 -0500, Alexandre Beauclair wrote:
> Hi Andrew,
>
> Sorry for the last response, I have been quite busy.
>
> >What in the
> >https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO page made you feel like importing from OpenLDAP wasn't supported? It seems pretty clear to me, so I'm at a loss how to improve it.
>
> I meant that the HOWTO page actually led me to believe it WAS supported, but the other 3 links did not, hence my confusion. Thanks for the clarification.

I've added some more context to:

> > https://wiki.samba.org/index.php/Samba4/LDAP_Backend

Hopefully that is clearer now.