design for storing trusted domain passwords in ldap

Gerald (Jerry) Carter jerry at samba.org
Thu Jan 18 13:15:57 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Volker Lendecke wrote:

> It's just that I've come across bug reports where people
> have more than one samba domain inside the LDAP tree.
> Without both domain names correct functioning would depend
> on a correctly set ldap suffix per domain.

But you need the ldap suffix set correctly for other things.
My preference is to simply associate the trust information
with the parent DN (sambaDomainName container).

> Nothing I would stop the feature for, but I think it might
> add a bit reliability.

Sure.  I just don't want to promote bad habits among
administrators.  :-)








cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFr3L0IR7qMdg1EfYRAqR9AKDseUMdOA3gQNpI8xdYlqhQ/jIA+ACgg03a
6Nzap3p10QeXUnIJy8X9fKE=
=QW3a
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list