Schema updates and modern Samba AD

Andrew Bartlett abartlet at samba.org
Wed May 27 04:41:40 UTC 2020


On Wed, 2020-05-27 at 13:53 +1000, William Brown via samba-technical
wrote:
> > 
> 
> https://docs.microsoft.com/en-us/windows/win32/ad/extending-the-schema
> 
> Generally, I'd say the biggest thing is that it's a one way street -
> you can add, but never remove, so that means your changes have to be
> very carefully considered, because a mistake can't easily be undone.
> 
> For example, if the ssh public key schema shipped in AD, the fact it
> has a "must" not "may" on the ldapPublicKey attribute makes it
> extremely hard to use in a self management scenario.
> 
> So my input (for what it's worth) is that schema changes should be
> considered carefully, and the consequences understood, as well as the
> ergonomics of how those changes will interface with access controls
> and that human interaction. 
> 
> Hope that helps,

G'Day William,

It is a wiki, feel free to craft some suitable guidance and add it!

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          https://catalyst.net.nz/services/samba





