Schema updates and modern Samba AD

Andrew Bartlett abartlet at
Wed May 27 04:41:40 UTC 2020

On Wed, 2020-05-27 at 13:53 +1000, William Brown via samba-technical
> > 
> Generally, I'd say the biggest thing is that it's a one way street -
> you can add, but never remove, so that means your changes have to be
> very carefully considered, because a mistake can't easily be undone.
> For example, if the ssh public key schema shipped in AD, the fact is
> has a "must" not "may" on the ldapPublicKey attribute makes it
> extremely hard to use in a self management scenario.
> So my input (for what it's worth) is that schema changes should be
> considered carefully, and the consequences understood, as well as the
> ergonomics of how those changes will interface with access controls
> and that human interaction. 
> Hope that helps,

G'Day William,

It is a wiki, feel free to craft some suitable guidance and add it!


Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT 

More information about the samba-technical mailing list