support for privileges in Samba 3.0

Gerald (Jerry) Carter jerry at
Fri Jan 14 19:40:07 GMT 2005

Andrew Bartlett wrote:

|> Very interesting. This means there is no sense
|> in putting more effort into migrating account
|> policies into passdb? I'm asking because I was just
|> about updating the somewhat older patch available at
|> in
|> preparation for commit.
| Personally, I would like to see that at least make
| it into trunk.

Guenther and I are working on this in parallel.  So
the end solution will be acceptable all around I think.

| I still feel that LDAP provides a better (and two-way,
| with  the rebind to the master) replication system,
| and I'm a little surprised to see things heading in
| this direction.

The issue I have is more with the data model.  The power of
LDAP is to consolidate information.  None of the privilege
information will be used by anyone other than Samba so I
don't believe that the added code complexity is warranted.

However, I can see storing account policy information in the
sambaDomain object.  That would be sensible.

| But even without considering the eDirectory side, I
| wonder how many sites are actually correctly set up for
| SamSync style replication (correct communication
| paths for CIFS between PDC and BDC, notifications
| etc), compared to 'tacking on' to the working
| LDAP arrangement?

LDAP complicates things for system administrators.  I
think I can honestly say that given how many classes I've
taught on it.  It's not hard but it is not lightweight
either.  And I blame LDAP for the increase in the noise
level on the Samba mailing list.

| While I can only speak as an administrator of an LDAP/Samba
| based site, and not as a developer (now that I'm off in
| Samba4 land most of the time), I have enjoyed the
| ability to manually inspect the LDAP directory, and
| it seems a pity to move more towards data in tdbs only,
| with a different synchronisation system.

We'll see which one wins out.

To be continued....

