Samba 3.0 Schema changes

[Andrew Bartlett]

Just a quick note to those involved with Directory Administrator:

Samba 3.0 has changed our LDAP schema, mainly to avoid conflicts with
existing attribute names, and to allow us to move forward into groups
and the like.  (There is a 2.2 compatibility mode, but new installations
will use the new schema).

It's not particularly documented at present, but a quick reading of the
included conversion script should show the basic changes.

It has become increasingly evident that Samba *needs* tools like
Directory Administrator in order to move forward - telling people to
script or edit the directory manually just doesn't cut it.

As such, it would be a pity to ship Samba 3.0 with what existing tools
we have broken.  I'm quite wiling to assist in the changes, if
developers have questions about how the changes should be implemented.

In particular:
 - We now have a 'sambaDomain' object, with the primary domain SID
 - We now store the 'sambaSid' for each user, not their RID
 - The algorithm for calculating such a SID is no longer fixed. 

As such, we will need to work with you to ensure that we export the
required information into LDAP, so Directory Administrator can pick it
up.

Also, if you have any ideas for how you would like Samba to 'behave
better' in it's interaction with LDAP, I would be glad to hear it.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030619/337400b4/attachment.bin