Schema updates and modern Samba AD

Andrew Bartlett abartlet at samba.org
Thu May 28 02:29:41 UTC 2020


On Thu, 2020-05-28 at 12:19 +1000, William Brown wrote:
> > On 27 May 2020, at 14:41, Andrew Bartlett <abartlet at samba.org> wrote:
> > 
> > On Wed, 2020-05-27 at 13:53 +1000, William Brown via samba-technical wrote:
> > > > https://docs.microsoft.com/en-us/windows/win32/ad/extending-the-schema
> > > 
> > > Generally, I'd say the biggest thing is that it's a one way street -
> > > you can add, but never remove, so that means your changes have to be
> > > very carefully considered, because a mistake can't easily be undone.
> > > 
> > > For example, if the ssh public key schema shipped in AD, the fact it
> > > has a "must" not "may" on the ldapPublicKey attribute makes it
> > > extremely hard to use in a self management scenario.
> > > 
> > > So my input (for what it's worth) is that schema changes should be
> > > considered carefully, and the consequences understood, as well as the
> > > ergonomics of how those changes will interface with access controls
> > > and that human interaction.
> > > 
> > > Hope that helps,
> > 
> > G'Day William,
> > 
> > It is a wiki, feel free to craft some suitable guidance and add it!
> 
> Done, but I'm not able to upload files. Can you add the following for
> me? Then I can fix up some links in the page.

You are now approved, and can upload files!

Andrew Bartlett
-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          https://catalyst.net.nz/services/samba





