The proper place for ldb templates
Andrew Bartlett
abartlet at samba.org
Thu Jul 21 02:33:05 GMT 2005
Samba4 uses a very powerful feature in the samdb ldb module to handle
the 'templating' of users, groups and other ldap objects.
The idea is simple: We need for an LDAP client to be able to create a
user with a simple (incomplete) LDAP record, in order to match AD
behaviour, and we may as well use that internally.
So, I wanted to use it for incoming vampire of an NT4 domain. But the
design I was thinking of would not have the domain or base dn existing
before the vampire begins - only the ldb attributes. Currently, the
templates are entries 'below' the base dn created for the domain.
Conceptually, the template is much more like an attribute than real
entries, and indeed we have had to put hacks in place to prevent normal
searches 'finding' the templates. So would it not make more sense to
place the templates somewhere else - say a top level cn=templates, where
they would never be found unless we were really looking for them?
(In the meantime, I'm just going to use the feature of ldb_tdb, that the
dn is not checked for a proper structure, just is taken as a string).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050721/8bc729eb/attachment.bin
More information about the samba-technical
mailing list