LDAP schema

Luke Kenneth Casson Leighton lkcl at switchboard.net
Sun Nov 29 18:43:19 GMT 1998


On Fri, 27 Nov 1998, Matt Chapman wrote:

> Jean Francois Micouleau wrote:
> 
> > On Fri, 27 Nov 1998, Matt Chapman wrote:
> >
> > > LDAP support is coming along well, and I would like some comments as to the
> > > schema.
> >
> > I've done some digging on my disks of the LDAP skeleton I wrote 6 months
> > ago. Take also a look at the AD schema on MS site.
> 
> Thanks.
> 
> A number of those attributes aren't of very much use to us though; they only
> surface at certain info levels which it would be absurd to add passdb routines

actually, take a look at rpc_server/srv_netlog.c, api_net_sam_logon: it
uses practically all of the entries mentioned.  a SAM database user entry
has about twenty five bits of info per user.

> I would like to see what Luke has to say on the issue of storing RIDs, SIDs,
> etc. as opposed to generating them...,

i _hate_ the concept of "creating" RIDs mathematically from uids, i really
do.  i don't mind "creating" them mathematically off-line or on-demand and
having them stored.

the only reason i'm going with the mathematical-generation at the moment
is specifically because private/smbpasswd, the only working database at
the moment, doesn't support RIDs, it supports unix UIDs.


> but certainly in the schema I'll be
> adding a few more attributes to those in that example.

please do.
 
> I did have a look at Microsoft's AD docs before and they seem to go into their
> new NT5 groups schema in great detail but not say very much about individual
> user information... was I looking in the wrong place?

the NT5 stuff will back-support all the NT3.5/4.0 stuff, so it's good
enough for us, too :-)
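The RID question argued above (deriving RIDs arithmetically from Unix uids versus allocating them once and storing them) as an added example. This is illustration code written for this page, not Samba's code and not the scheme the message describes in detail: the rule uid*2+1000 for users and gid*2+1001 for groups is an assumed stand-in for "creating RIDs mathematically from uids", the domain SID is constructed, and the account name and uids are made up.

```python
"""Added example: algorithmic RID derivation versus a stored uid->RID map.

Illustration only, not Samba code. The arithmetic rule below is an assumed
stand-in for "creating RIDs mathematically from uids"; the domain SID and
the account data are constructed for the example.
"""

DOMAIN_SID = "S-1-5-21-1111-2222-3333"   # constructed domain SID, not a real one


def algorithmic_user_rid(uid: int) -> int:
    """Derive a user RID from the Unix uid alone (assumed rule).

    Users get even RIDs and groups odd ones so the two derived ranges
    cannot collide. Nothing is stored, so the RID (and therefore the SID)
    changes whenever the uid does.
    """
    return uid * 2 + 1000


def algorithmic_group_rid(gid: int) -> int:
    """Derive a group RID from the Unix gid alone (assumed rule)."""
    return gid * 2 + 1001


def sid(rid: int) -> str:
    """Full SID is the domain SID with the RID appended."""
    return f"{DOMAIN_SID}-{rid}"


class StoredRidMap:
    """Allocate a RID for an account on demand and remember the binding.

    The binding is keyed by account name, not uid, so renumbering the Unix
    account later does not change the SID that ACLs already contain. A real
    implementation would persist self._rids (smbpasswd, LDAP, or similar);
    here it lives in memory for the example.
    """

    def __init__(self, first_rid: int = 1000) -> None:
        self._rids = {}          # account name -> RID
        self._next = first_rid   # next free RID in the domain

    def rid_for(self, name: str) -> int:
        if name not in self._rids:
            self._rids[name] = self._next
            self._next += 1
        return self._rids[name]


def acl_survives_renumbering(old_uid: int, new_uid: int) -> dict:
    """Compare both schemes when a user's Unix uid is changed.

    An ACL entry stores the SID that was valid when the ACL was written.
    With derivation from the uid, the same account yields a different SID
    after renumbering, so the stored ACL entry no longer matches the user.
    With a stored map the account keeps the RID it was first given.
    """
    # Scheme 1: RID derived from uid. ACL written while the user had old_uid.
    acl_entry = sid(algorithmic_user_rid(old_uid))
    sid_after_renumber = sid(algorithmic_user_rid(new_uid))

    # Scheme 2: RID allocated once per account and stored; the uid is not
    # part of the binding, so renumbering does not touch it.
    stored = StoredRidMap()
    stored_acl_entry = sid(stored.rid_for("alice"))   # written at old_uid time
    stored_after_renumber = sid(stored.rid_for("alice"))  # looked up at new_uid time

    return {
        "algorithmic_matches": acl_entry == sid_after_renumber,
        "stored_matches": stored_acl_entry == stored_after_renumber,
    }


if __name__ == "__main__":
    # Constructed case: account "alice" renumbered from uid 500 to uid 1500.
    print(acl_survives_renumbering(500, 1500))
```

The even/odd split in the derived scheme only avoids collisions between derived user and group RIDs; it does nothing for the stability problem, which is the reason the message prefers computing a RID at most once and then storing it.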



More information about the samba-technical mailing list