Schema updates and modern Samba AD

William Brown wbrown at suse.de
Thu May 28 02:19:58 UTC 2020



> On 27 May 2020, at 14:41, Andrew Bartlett <abartlet at samba.org> wrote:
> 
> On Wed, 2020-05-27 at 13:53 +1000, William Brown via samba-technical
> wrote:
>>> 
>> 
>> 
> https://docs.microsoft.com/en-us/windows/win32/ad/extending-the-schema
>> 
>> Generally, I'd say the biggest thing is that it's a one way street -
>> you can add, but never remove, so that means your changes have to be
>> very carefully considered, because a mistake can't easily be undone.
>> 
>> For example, if the ssh public key schema shipped in AD, the fact it
>> has a "must" not "may" on the ldapPublicKey attribute makes it
>> extremely hard to use in a self management scenario.
>> 
>> So my input (for what it's worth) is that schema changes should be
>> considered carefully, and the consequences understood, as well as the
>> ergonomics of how those changes will interface with access controls
>> and that human interaction. 
>> 
>> Hope that helps,
> 
> G'Day William,
> 
> It is a wiki, feel free to craft some suitable guidance and add it!

Done, but I'm not able to upload files. Can you add the following for me? Then I can fix up some links in the page.

Thanks! 

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ldapcompat.ldif.txt
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20200528/f4a8235d/ldapcompat.ldif.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sshpubkey.ldif.txt
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20200528/f4a8235d/sshpubkey.ldif.txt>
-------------- next part --------------

> 
> Thanks,
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                       https://samba.org/~abartlet/
> Authentication Developer, Samba Team  https://samba.org
> Samba Developer, Catalyst IT          
> https://catalyst.net.nz/services/samba
> 
> 
> 

Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs


