[Samba] AD howtos: LDAP needed?

Mike Gallamore mike at mpi-cbg.de
Fri Nov 7 15:32:09 GMT 2008

Well there is an advantage if you are trying to role your own  
permissions/policy system. For example at my work (a research  
institute), we have our own LDAP to store things like who owns a  
storage area, who is a member of the group etc, so that we could get  
over the NIS limitation of 16 groups for a user. We also have such  
things defined as "user has sudo rights on this server", "user can  
modify mailing lists", groups of groups ("member of this lab gets  
added to these network shares, these permissions on mailing lists,  
this billing code for purchases etc), etc. All depends on what you  
need to do. I guess short answer: if what a windows share can do is  
sufficient for your needs then yeah just AD (which is a specific  
implementation of LDAP) is fine for you.
On Nov 7, 2008, at 4:06 PM, degbert degbert wrote:

>>> My understanding is AD was/is MS's implementation of LDAP.
>>> http://en.wikipedia.org/wiki/Active_directory . AD added stuff on  
>>> top of the
>>> base standard to support "group policies". Essentially MS made an  
>>> LDAP
>>> object structure for Windows networks, that obviously, windows  
>>> clients know
>>> what the objects in the LDAP mean and so display them properly in  
>>> Network
>>> Places or whatever.
>>> On Nov 7, 2008, at 12:17 PM, degbert degbert wrote:
>>>> Hello,
>>>> Sorry for two messages, but I thought it would make more sense to  
>>>> use one
>>>> message per question.
>>>> Why do so many (but not all) AD howtos mention LDAP? Without  
>>>> configuring
>>>> LDAP I can use getent passwd or getent group to see the users in  
>>>> the AD.
>>>> Is there a benefit to also editing nsswitch to query LDAP?
>>>> Degbert.
> So there is no advantage to adding ldap to the mix? Excellent, I hoped
> that was the answer :)

More information about the samba mailing list