get_domain_user_groups() improvement.
Andrew Bartlett
abartlet at samba.org
Fri Sep 24 09:19:18 GMT 2004
On Fri, 2004-09-24 at 18:25, Simo Sorce wrote:
> On Thu, 2004-09-23 at 17:14, Igor Belyi wrote:
> > Gerald (Jerry) Carter wrote:
> >
> > > Andrew Bartlett wrote:
> > > |> Maybe you don't care about it anymore, but those people
> > > | Sorry - I didn't mean it to come across like that. Of
> > > I should have added a note that this was not a
> > > personal comment. I just want to make sure that no
> >
> >
> > I didn't mean to stir a fight... (mwa-ha-ha!) ;o)
> >
> > Just to clarify the idea - pushing _all_ NSS calls from common pdbpass
> > functions into backends and letting ldapsam backend assume that UNIX
> > accounts and groups are in traditianal LDAP objects while keeping all
> > other backends to use NSS calls is the right approach. Is that correct?
>
> no, sorry that is not correct.
> There is always one account that do not obey that rule, that's root
> (never seen anybody putting it into ldap, it is always in /etc/passwd).
I regularly put it in LDAP, just as a duplicate of the posix data (but
without the shadow parts).
> And I've seen other environments that also use ldap only for samba user
> part storage and not for unix user storage (no nss_ldap on the system).
How is the group mapping handled in this case? (Given it's so closely
tied to the posixGroup).
Given we are trying to fix the groups side only, I think the assumptions
are reasonable.
Andrew Bartlett
--
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040924/05e7eab0/attachment.bin
More information about the samba-technical
mailing list