Windows and Unix integration - was 'Add external-schema directory'
rpenny at samba.org
Tue May 1 07:38:47 UTC 2018
On Tue, 01 May 2018 09:39:34 +1200
William Brown <william at blackhats.net.au> wrote:
> On Mon, 2018-04-30 at 07:58 +0100, Rowland Penny via samba-technical
> > On Mon, 30 Apr 2018 08:43:43 +0300
> > Alexander Bokovoy via samba-technical
> > <samba-technical at lists.samba.or
> > g>
> > wrote:
> > > Hi,
> > >
> > > On ma, 30 huhti 2018, William Brown via samba-technical wrote:
> > > > Hi,
> > > >
> > > > There are a small number of useful external schemas that we
> > > > should
> > > > provide. Instead of letting admins pull these from the internel
> > Why not, Windows does.
> Sorry, I don't believe this is an appropriate attitude in response to
> my proposal.
> If people want that experience then they are free to
> * Choose not to utilise this resource - I'm not proposing that the
> schema is applied by default.
> * Continue to use windows DC's - again choosing not to use this
> There is a broader picture here however. I am trying to consider this
> as an accesibility change that improves the experience for
> administrators interested in the Unix integration functionality of
> Samba DC's. Making samba "easier to use" than the Windows DC option is
> an attractive change (to me personally) as it will help to encourage
> people to utilise it in different situations than people classically
> have considered. For example, by making it simpler to provide ssh
> public key distribution schema, people can use SUSE/RHEL/Debian with
> SSSD, and enjoy the benefits of a single identity store (Samba AD) and
> the benefits of a unix directory (distributed ssh keys).
> As well I'm also looking to this as a migration process. Many business
> applications still require and link to certain attributes. In my case
> it's nsUniqueId, in others it may be entryUUID, or even ipaUniqueId.
> Being able to support these attributes on objects means people can
> perform a migration from 389DS/OpenLDAP/IPA to Samba AD, without
> breaking their applications UUID links that exist.
> This is a change that is looking beyond just "what does Windows do",
> but is looking at answering "What is required for Unix to be a first
> class client in a Samba AD environment".
> Today this is just proposing some schema templates. But in the future
> I think that some larger questions of support for things like UUID
> generation and compatability should be proposed as a "bonus extra" to
> the Samba project.
> Who knows - maybe having easily accessible tooling and schema will be
> the deciding factor between "Do we keep using windows DCs" or "Maybe
> we should use Samba as it's easier".
Provided that what you are proposing can be ignored, I can accept it.
Yes, whilst 'windows does it' isn't really a good argument, you have to
remember that if people want to do things that Samba denies, but
Windows allows, they will just use Windows to do them.
More information about the samba-technical