Schema updates and modern Samba AD
Andrew Bartlett
abartlet at samba.org
Tue May 26 08:37:39 UTC 2020
(resend from samba.org address)
G'Day Metze!
A long time ago I remember asking if we could change the default for
"dsdb:schema updates allowed" to true, so that this is no longer
guarded in Samba.
At the time you said, from memory, that while schema loading was much
better than it has been in the past, there are still ways to break your
directory with new schema, so we can't change it quite yet.
What I can't remember (or find in the list archive) is what those
issues are!
Can you remind me?
I ask because I'm updating
https://wiki.samba.org/index.php/Samba_AD_schema_extensions and I want
to include a practical guide to adding new schema, and make specific,
rather than generic 'here be dragons' warnings.
My hope is that this way we can encourage the use of appropriate schema
extensions, rather than ad-hoc re-use of other arbitrary attributes by
our administrators.
Thanks!
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list