Schema updates and modern Samba AD
William Brown
wbrown at suse.de
Thu May 28 02:19:58 UTC 2020
> On 27 May 2020, at 14:41, Andrew Bartlett <abartlet at samba.org> wrote:
>
> On Wed, 2020-05-27 at 13:53 +1000, William Brown via samba-technical
> wrote:
>>>
>>
>>
> https://docs.microsoft.com/en-us/windows/win32/ad/extending-the-schema
>>
>> Generally, I'd say the biggest thing is that it's a one way street -
>> you can add, but never remove, so that means your changes have to be
>> very carefully considered, because a mistake can't easily be undone.
>>
>> For example, if the ssh public key schema shipped in AD, the fact it
>> has a "must" not "may" on the ldapPublicKey attribute makes it
>> extremely hard to use in a self management scenario.
>>
>> So my input (for what it's worth) is that schema changes should be
>> considered carefully, and the consequences understood, as well as the
>> ergonomics of how those changes will interface with access controls
>> and that human interaction.
>>
>> Hope that helps,
>
> G'Day William,
>
> It is a wiki, feel free to craft some suitable guidance and add it!
Done, but I'm not able to upload files. Can you add the following for me? Then I can fix up some links in the page.
Thanks!
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ldapcompat.ldif.txt
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20200528/f4a8235d/ldapcompat.ldif.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sshpubkey.ldif.txt
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20200528/f4a8235d/sshpubkey.ldif.txt>
-------------- next part --------------
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett https://samba.org/~abartlet/
> Authentication Developer, Samba Team https://samba.org
> Samba Developer, Catalyst IT
> https://catalyst.net.nz/services/samba
>
>
>
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
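
One reading of the "must" versus "may" point quoted above, as an added example that is not from the thread or its attachments: a simplified model of LDAP schema checking, in which a user who may write only their own sshPublicKey cannot remove their last key when the class lists it under MUST. The class definitions, the entry, the ACL model and the function names are all constructed assumptions.

```python
# Simplified model of LDAP schema checking (RFC 4512): an entry must hold
# every MUST attribute of each of its object classes. Class definitions and
# entries below are constructed for illustration, not taken from the thread's
# attachments.
SCHEMA_MUST = {"ldapPublicKey": {"must": {"sshPublicKey"}, "may": set()}}
SCHEMA_MAY = {"ldapPublicKey": {"must": set(), "may": {"sshPublicKey"}}}
BASE = {"user": {"must": {"cn"}, "may": {"uid"}}}


def violations(entry, schema):
    """Return sorted (class, attr) pairs for MUST attributes that are missing."""
    missing = []
    for oc in entry["objectClass"]:
        for attr in schema[oc]["must"]:
            if not entry.get(attr):
                missing.append((oc, attr))
    return sorted(missing)


def self_service_modify(entry, schema, attr, values, writable=("sshPublicKey",)):
    """Apply a replace as a user whose ACL covers only `writable` attributes.

    Returns (ok, reason). The entry is unchanged when the modify is refused.
    """
    if attr not in writable:
        return False, "insufficientAccessRights"
    candidate = dict(entry)
    if values:
        candidate[attr] = list(values)
    else:
        candidate.pop(attr, None)  # replace with no values deletes the attribute
    if violations(candidate, schema):
        return False, "objectClassViolation"
    entry.clear()
    entry.update(candidate)
    return True, "success"


def demo(aux_schema):
    schema = {**BASE, **aux_schema}
    entry = {"objectClass": ["user", "ldapPublicKey"], "cn": ["alice"],
             "sshPublicKey": ["ssh-ed25519 AAAA...constructed alice@host"]}
    rotate = self_service_modify(entry, schema, "sshPublicKey",
                                 ["ssh-ed25519 AAAA...constructed-new alice@host"])
    revoke = self_service_modify(entry, schema, "sshPublicKey", [])
    # Dropping the class needs write access to objectClass, outside the ACL.
    drop_class = self_service_modify(entry, schema, "objectClass", ["user"])
    return rotate, revoke, drop_class


if __name__ == "__main__":
    print("MUST:", demo(SCHEMA_MUST))
    print("MAY: ", demo(SCHEMA_MAY))
```

With the MUST variant the key can be rotated but not revoked by its owner; with MAY both succeed under the same attribute-level ACL.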