Samba AD External Authentication to OpenDJ

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Samba AD External Authentication to OpenDJ

Samba - General mailing list
Hi everyone,

Currently we have an existing OpenDJ LDAP Server containing our user
population.

We are looking to implement Samba AD to leverage on the GPO to managed
the end users' workstations and file share centrally.
We are exploring if it is possible to delegate the user authentication
to the external OpenDJ so that we will only need to manage one set of
password for the users.

I have tried Googling for more information on this integration but the
best info I can find is this thread back in 2015, where the developer
stated that it wasn't possible then.
https://lists.samba.org/archive/samba/2015-March/189733.html

Are there any possiblity to authentication with an external source
currently or is it still a pipe dream?

Thank you!
--
Best regards,
_Wong_ Kee Wee
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Samba AD External Authentication to OpenDJ

Samba - General mailing list
On Fri, 11 Aug 2017 18:22:12 +0800
Wong Kee Wee via samba <[hidden email]> wrote:

> Hi everyone,
>
> Currently we have an existing OpenDJ LDAP Server containing our user
> population.
>
> We are looking to implement Samba AD to leverage on the GPO to
> managed the end users' workstations and file share centrally.
> We are exploring if it is possible to delegate the user
> authentication to the external OpenDJ so that we will only need to
> manage one set of password for the users.
>
> I have tried Googling for more information on this integration but
> the best info I can find is this thread back in 2015, where the
> developer stated that it wasn't possible then.
> https://lists.samba.org/archive/samba/2015-March/189733.html
>
> Are there any possiblity to authentication with an external source
> currently or is it still a pipe dream?
>
> Thank you!

This still will not work, just port your users etc to AD and use this
instead.

Do you use OpenDJ for anything other than authentication ?
If so, what ?

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Samba AD External Authentication to OpenDJ

Samba - General mailing list
>This still will not work, just port your users etc to AD and use this
>instead.
>
>Do you use OpenDJ for anything other than authentication ?
>If so, what ?
>
>Rowland

Hi Rowland,

Thank you very much for the response.

The OpenDJ is for user authentication and also user profile.

Understand that Samba AD is unable to delegate authentication to an external source. We'll see how we can proceed with this info.

Thank you!

Best regards,
Wong Kee Wee

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Samba AD External Authentication to OpenDJ

Samba - General mailing list
On Sat, 2017-08-12 at 16:44 +0800, Wong Kee Wee via samba wrote:

> > This still will not work, just port your users etc to AD and use this
> > instead.
> >
> > Do you use OpenDJ for anything other than authentication ?
> > If so, what ?
> >
> > Rowland
>
> Hi Rowland,
>
> Thank you very much for the response.
>
> The OpenDJ is for user authentication and also user profile.
>
> Understand that Samba AD is unable to delegate authentication to an external source. We'll see how we can proceed with this info.

We realise it is frustrating, but the protocols give us little choice:
we (Samba) have to be the authentication source.

I wish you the best with you migration.  See also the password sync
support, which may assist if you need to keep a legacy system in sync.

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Samba AD External Authentication to OpenDJ

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Sat, 12 Aug 2017 16:44:14 +0800 (SGT)
Wong Kee Wee via samba <[hidden email]> wrote:

> >This still will not work, just port your users etc to AD and use
> >this instead.
> >
> >Do you use OpenDJ for anything other than authentication ?
> >If so, what ?
> >
> >Rowland
>
> Hi Rowland,
>
> Thank you very much for the response.
>
> The OpenDJ is for user authentication and also user profile.
>
> Understand that Samba AD is unable to delegate authentication to an
> external source. We'll see how we can proceed with this info.
>

Then you do not need OpenDJ, which, from my cursory investigation,
doesn't seem to get patched between versions (unless you pay for it).

A Samba 4 AD will do everything that OpenDJ seems to do (and probably
more). It will definitely do what you are doing now and is updated
regularly for free.

Rowland
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Samba AD External Authentication to OpenDJ

Samba - General mailing list
In reply to this post by Samba - General mailing list
>We realise it is frustrating, but the protocols give us little choice:
>we (Samba) have to be the authentication source.
>
>I wish you the best with you migration. See also the password sync
>support, which may assist if you need to keep a legacy system in sync.
>
>Andrew Bartlett

Hi Andrew and Rowland,

Thank you very much for your great help :)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba