[Samba] AD howtos: LDAP needed?
Mike Gallamore
mike at mpi-cbg.de
Fri Nov 7 15:32:09 GMT 2008
Well there is an advantage if you are trying to roll your own
permissions/policy system. For example at my work (a research
institute), we have our own LDAP to store things like who owns a
storage area, who is a member of the group etc, so that we could get
over the NIS limitation of 16 groups for a user. We also have such
things defined as "user has sudo rights on this server", "user can
modify mailing lists", groups of groups ("member of this lab gets
added to these network shares, these permissions on mailing lists,
this billing code for purchases etc"), etc. All depends on what you
need to do. I guess short answer: if what a Windows share can do is
sufficient for your needs then yeah just AD (which is a specific
implementation of LDAP) is fine for you.
On Nov 7, 2008, at 4:06 PM, degbert degbert wrote:
>>> My understanding is AD was/is MS's implementation of LDAP.
>>> http://en.wikipedia.org/wiki/Active_directory . AD added stuff on top of the
>>> base standard to support "group policies". Essentially MS made an LDAP
>>> object structure for Windows networks, that obviously, windows clients know
>>> what the objects in the LDAP mean and so display them properly in Network
>>> Places or whatever.
>>> On Nov 7, 2008, at 12:17 PM, degbert degbert wrote:
>>>
>>>> Hello,
>>>>
>>>> Sorry for two messages, but I thought it would make more sense to use one
>>>> message per question.
>>>>
>>>> Why do so many (but not all) AD howtos mention LDAP? Without configuring
>>>> LDAP I can use getent passwd or getent group to see the users in the AD.
>>>>
>>>> Is there a benefit to also editing nsswitch to query LDAP?
>>>>
>>>> Degbert.
>
> So there is no advantage to adding ldap to the mix? Excellent, I hoped
> that was the answer :)