[Samba] LDAP group objects?

[Daniel Turner]

I understand the concern. But with so many relying on web-based
applications in day-to-day operations, we are dependent on connectivity
already.

JumpCloud is interesting because it isn't just LDAP, and the other parts do
not require JumpCloud to be accessible all the time.

By creating one list of users in JumpCloud you can auto provision the users
in G Suite or O365, allow the JC agent to creat local accounts on Windows,
MacOS, and Linux. You can tie in more than 100 SAML enabled webapps, all
using your list of users.

It isn't perfect, especially the LDAP/Samba side it seems. And while it
does a lot, it isn't a replacement for AD. But for small groups of users
who don't have the infrastructure to support a full ad setup and who do
most of their business online, it might work well.
On Fri, Dec 22, 2017 at 3:07 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Thu, 21 Dec 2017 17:02:31 -0600
> Daniel Turner <daniel.turner at eliciotech.com> wrote:
>
> > Thank you, those links were indeed helpful.
> >
> > It appears to me that while JumpCloud.com touts it's Samba
> > compatibility (including "Samba Schema support"), their's is an
> > imperfect implementation. Because they do not leverage the Samba
> > group objectclass they are hampering Samba's ability.
> >
> > The method they've used to implement groups does not allow those
> > groups to be used by Samba. I'm no expert on LDAP, but I believe the
> > addition of an attribute on their groupOfNames style of group may be
> > all that is needed - I'm spinning up an OpenLDAP instance to confirm.
> >
> > Now to try to convince them of this fact in the hopes of future
> > improvements.
> >
>
> I have always been a bit doubtful about 'cloud' usage, you are
> dependant on what the 'cloud' provides and what happens if it rains and
> the cloud goes away ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>