LDAP question..

Eric Warnke eric at smowmoon.com
Wed Sep 30 16:46:10 GMT 1998


>meester howard, perhaps you could give us a quick update on what ldap.c
>does (compile? :-)  from what i know, the clear-text-equivalent password
>hashes are not currently obfuscated in any way.


LDAP entries can be selectively hidden by ACLs on the tree.  Just like you
cann read a password from an LDAP tree, only compare, and if you are that
user, change.

>> Has anyone thought of using LDAP for configuration DB too?
>
>yes.
>
>> i.e. login script, profile directory,
>> login times.. and workstation info too...  maybe?
>
>that's the passwdDB's job
>


Oops... just saw that in the code.  I think I have a pretty good idea of how
the schema works now, and I have some problems with it.  Specifically how
RIDs and groups work.  Can we discuss a generic groupDB system too while we
are at it?

>> I would be willing to work with the source to see how hard it would be to
>> make the smb.conf into a generic configDB like the passwdDB support.
>>
>
>good!  after getting some [user] feedback from people on what they think
>should go in a configDB API, talk about this on samba-technical?


I'll draw up a possible schema and post it there; there are a few sticking
points in the current config system that would need to be updated.
Specifically include files?  Maybe we can change this to include reference?

Another brief question, has anyone thought of using Solaris ACLs to mimic
NT ACLs?  They have all the same functionality, why not use them?  How far
off are we from supporting ACLs?


Eric Warnke
Sys Admin, ResNet
University at Albany, NY
eric at snowmoon.com / ericw at albany.edu
