LDAP schema
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Sun Nov 29 18:43:19 GMT 1998
On Fri, 27 Nov 1998, Matt Chapman wrote:
> Jean Francois Micouleau wrote:
>
> > On Fri, 27 Nov 1998, Matt Chapman wrote:
> >
> > > LDAP support is coming along well, and I would like some comments as to the
> > > schema.
> >
> > I've done some digging on my disks of the LDAP skeleton I wrote 6 months
> > ago. Take also a look at the AD schema on MS site.
>
> Thanks.
>
> A number of those attributes aren't of very much use to us though; they only
> surface at certain info levels which it would be absurd to add passdb routines

actually, take a look at rpc_server/srv_netlog.c, api_net_sam_logon: it
uses practically all of the entries mentioned. a SAM database user entry
has about twenty five bits of info per user.

> I would like to see what Luke has to say on the issue of storing RIDs, SIDs,
> etc. as opposed to generating them...,

i _hate_ the concept of "creating" RIDs mathematically from uids, i really
do. i don't mind "creating" them mathematically off-line or on-demand and
having them stored.

the only reason i'm going with the mathematical-generation at the moment
is specifically because private/smbpasswd, the only working database at
the moment, doesn't support RIDs, it supports unix UIDs.

> but certainly in the schema I'll be
> adding a few more attributes to those in that example.

please do.

> I did have a look at Microsoft's AD docs before and they seem to go into their
> new NT5 groups schema in great detail but not say very much about individual
> user information... was I looking in the wrong place?

the NT5 stuff will back-support all the NT3.5/4.0 stuff, so it's good
enough for us, too :-)