Schema updates and modern Samba AD
abartlet at samba.org
Wed May 27 04:41:40 UTC 2020
On Wed, 2020-05-27 at 13:53 +1000, William Brown via samba-technical
> Generally, I'd say the biggest thing is that it's a one way street -
> you can add, but never remove, so that means your changes have to be
> very carefully considered, because a mistake can't easily be undone.
> For example, if the ssh public key schema shipped in AD, the fact is
> has a "must" not "may" on the ldapPublicKey attribute makes it
> extremely hard to use in a self management scenario.
> So my input (for what it's worth) is that schema changes should be
> considered carefully, and the consequences understood, as well as the
> ergonomics of how those changes will interface with access controls
> and that human interaction.
> Hope that helps,
It is a wiki, feel free to craft some suitable guidance and add it!
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
More information about the samba-technical