Migration from Openldap to Samba 4 AD

  • Hi,
    we are migration from samba 3 with openldap to Samba 4 with AD. So we want to migrate our kopano from openldap to the new AD, to have not two sites to manage users. We integrated the kopano schema into our new AD and populated the attributes from openldap to AD with a python script.
    The attribute kopanoAliases is no longer available in AD. Where we have to put those aliases? (otherMailbox ?)

    How can we switch Kopano to AD from LDAP?


  • Kopano

    Hi @arndtw ,

    we have had many performance complaints with samba4. I recommend to do extensive load testing before you complete your migration.

    @arndtw said in Migration from Openldap to Samba 4 AD:

    Where we have to put those aliases? (otherMailbox ?)

    Yes, that is the usual attribute for for this in ad. afair

    @arndtw said in Migration from Openldap to Samba 4 AD:

    How can we switch Kopano to AD from LDAP?

    A lot of data in Kopano depends on the value of the unique user attribute. The recommendation would be to keep this value the same between the old auth source and the new one. If you really want/need to change it the same perl script that can be used to migrate users from db to ldap. Expect extended downtime while the script runs.

  • Hai,
    I noticed this.

    cat /usr/share/kopano/ldap.active-directory.cfg|grep Alias
    # Optional, default = kopanoAliases
    # Active directory: kopanoAliases
    # LDAP: kopanoAliases

    But in my Samba4 AD, the kopanoAliases are set with otherMailbox.

    @arndtw , with samba4 AD, make sure you run latest samba 4.8 or 4.9.
    samba 4.7 better already n the queries, 4.8-4.9+ are multi-threaded which helps a lot and optionaly you can enable preforking in 4.9.

    Look up what is indexed : ldbsearch -H $(samba -b|grep PRIVATE_DIR|awk '{ print $NF }')//sam.ldb -s base -b @INDEXLIST
    Lookup BaseDN : ldbsearch -H /$(samba -b|grep PRIVATE_DIR|awk '{ print $NF }')/sam.ldb -s base -b "" defaultNamingContext
    Edit : ldbedit -H $(samba -b|grep PRIVATE_DIR|awk '{ print $NF }')//sam.ldb -b CN=SCHEMA,CN=CONFIGURATION,DC=.....baseDN.

    Lookup what you want to edit, and set : searchFlags: 1
    Tip, ```` ldbedit -e nano -H ```… Gives you the nano editor.

    And you need to run : samba-tool dbcheck --reindex on the server after the change’s
    You need to run this on every DC once.

Log in to reply