Samba4 with OpenLDAP backend by Nadezhda Ivanova, Software Engineer at Symas Corporation (LDAPCon 2015) Samba4 with an OpenLDAP backend was attempted many years ago, for the obvious reason: to combine the powerful, scalable and reliable OpenLDAP server with the AD compatibility of Samba4 and provide a viable, AD compatible LDAP server. The initial project was gradually abandoned, for several reasons, among which the difficulty of trying to map the AD LDAP semantics to the standard LDAPv3 semantics without loss of functionality, but mostly because of lack of resources for testing and development, as the Samba4 ldb/tdb implementation caught caught up with AD functionality and grew in complexity. As the corresponding Samba test suite grew as well, it became clear that a simple ldap proxy backend for Samba4 is untenable, and support for the project was discontinued. More than a year ago, the project was revived thanks to Symas Corporation, with a new goal: to implement a proper OpenLDAP backend for Samba4, by actually relieving Samba4 of the need to maintain it's own LDAP server, and using OpenLDAP to both handle all LDAP traffic, and serve as a backend for the RPC protocols still supported by Samba. This essentially meant reimplementation of the AD-specific LDAP Samba modules as OpenLDAP overlays, and relying entirely on OpenLDAP to handle authentication and authorization of LDAP traffic. The talk will include: Presentation of the project architecture and design Explanation of the new overlays and their function, as well as the corresponding functionality they replace in Samba. additional changes to OpenLDAP functionality and configuration, such as the ability to parse and load Microsoft type schema, understand Microsoft-specific syntaxes, etc. Among the implemented overlays are: creation and generation and NT style security descriptors and access checks generation of the AD specific operational attributes maintaining the consistency of the SAM database creation and maintenance of new partitions maintaining the consistency of attributes required for replication many others. It will also include suggestions for configuration, installation and testing.