support for privileges in Samba 3.0
Gerald (Jerry) Carter
jerry at samba.org
Fri Jan 14 19:40:07 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Andrew Bartlett wrote:
|> Very interesting. This means there is no sense
|> in putting more effort into>> migrating account
|> policies into passdb? I'm asking because I was just
|> about updating the somewhat older patch available at
|> https://bugzilla.samba.org/show_bug.cgi?id=1913 in
|> preparation for commit.
| Personally, I would like to see that at least make
| it into trunk.
Guenther and I and working on this in parallel. So
the end solution will be acceptable all around I think.
| I still feel that LDAP provides a better (and two-way,
| with the rebind to the master) replication system,
| and I'm a little surprised to see things heading in
| this direction.
The issue I have is more with the data model. The power of
LDAP is to consolidate information. None of the privilege
information will be used by anyone other than Samba so I
don't believe that the add code complexity is warranted.
However, I can see storing account policy information in the
sambaDomain object. That would be sensible.
| But even without considering the eDirectory side, I
| wonder how many sites are actually correctly setup for
| SamSync style replication (correct communication
| paths for CIFS between PDC and BDC, notifications
| etc), compared to 'tacking on' to the working
| LDAP arrangement?
LDAP complicates things for system administrators. I
think I can honestly say that given how many classes I've
taught on it. It's not hard but it is not lightweight
either. And I blame LDAP for the increase in the noise
level on the Samba mailing list.
| While I can only speak as an administrator of an LDAP/Samba
| based site, and not as a developer (now that I'm off in
| Samba4 land most of the time), I have enjoyed the
| ability to manually inspect the LDAP directory, and
| it seems a pity to move more towards data in tdbs only,
| with a different synchronisation system.
We'll see which one wins out.
To be continued....
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical