[Samba] Re: Multiple DB / fragmented information

Lapin(c) lapin at linagora.com
Thu Mar 4 13:51:12 GMT 2004

Quoting Jérôme Fenal <jerome.fenal at logicacmg.com>:

> Hi Lapin(c),
> How have you been since our long discussion at Solutions Linux?

Pretty well, thanks :)

> Lapin(c) wrote:
> > I was exploring a local LDAP solution, as it's for a very large network
> > (1000 sites / 100000 users) we want a disjunction between local
> > administration for machines and global administration for users.
> What do you mean by disjunction between local administration and users?
> Do you mean:
> 1. Separation between directory insertion (either user or machine) and 
> local PC admin rights:
> - class D people can insert machines, as well as users
> - class T people can login to machines as local admin
> 2. Separation between directory insertion (users inserted by some 
> people, machines by others) and local PC admin rights:
> - class M people (local support I guess) can insert local machines, in 
> the right ou=site,ou=Computers sub-ou
> - class D people can insert users (centrally managed I guess), and maybe 
> Computers
> - class T people (see below).
> I guess (read I think, but not yet investigated further) that it could 
> be done, maybe with the help of LDAP management application and 
> carefully crafted LDAP ACLs.
> I think that, if using IdealX scripts, and different sub-ou 
> configuration for these, you may be able to do what you intend to, directly 
> using Samba and inserting machines directly from the Windows PC.

I mean that computer accounts are local data and user passwords are global
data, so I need to separate both kinds of information in terms of localization,
hence for administration. It's mainly an LDAP architecture problem now.

> What is the size of the biggest site (I bet it is the Lyon one in 
> Part-Dieu)? Or maybe the Paris ones.

Yes they are; the biggest are 300/400 users per site.

> I guess that machine password traffic (once per week) would not be that 
> huge, even on 64kb/s lines

No, the study is done to minimize network flow on the backbone.
