At 09:42 18.10.2002 +0200, [EMAIL PROTECTED] wrote:
>> It would be nice to update the samba.schema only once, so we should
>> now also add the account policy values, etc ... to sambaDomainInfo
>> (all stuff we'll later use for the SAM system) Also add sambaGroup
>> now, would be nice. (with the stuff we'll later use) And changing a
>> few attributes from ascii-string to directory-string, so that we can
>> support utf-8 strings.
>
> Has anybody already a new SAM LDAP schema? Don't get me wrong, I'm honestly interested.

this is an idea, I think for now it's ok to only define attributes we need now, but
we should use these attributes in SAM LDAP and only add new ones to it, but didn't rename any!

objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaDomainInfo' SUP top AUXILIARY
        DESC 'Samba Domain Information'
        MUST ( domain )
        MAY ( rid $ domainSID ))

objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaGroup' SUP top AUXILIARY
        DESC 'Samba Auxilary Group'
        MUST ( cn $ rid $ groupFlags )
        MAY ( ntGroupName $ description $ domain ))

groupFlags should be like acctFlags
[B ] for builtin
[D ] for domain group
[L ] for local group

we should store a list of SIDs for each privilege and don't store it on users/groups

#objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaPrivilege' SUP top AUXILIARY
#       DESC 'Samba Privilege'
#       MUST ( privilegeType )
#       MAY ( privilegeSID $ description $ domain ))

metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <[EMAIL PROTECTED]>
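
Added example, not part of the original message and not Samba code: a small Python check that reads the two object classes proposed above and reports entries that miss a MUST attribute or carry a groupFlags value outside [B ], [D ], [L ]. The sample entries, the posixGroup structural class and the one-letter, space-padded groupFlags layout are assumptions made for the illustration.

```python
import re

# The two object classes proposed in the message (layout normalised).
SCHEMA = """
objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaDomainInfo' SUP top AUXILIARY
    DESC 'Samba Domain Information' MUST ( domain ) MAY ( rid $ domainSID ))
objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaGroup' SUP top AUXILIARY
    DESC 'Samba Auxilary Group' MUST ( cn $ rid $ groupFlags )
    MAY ( ntGroupName $ description $ domain ))
"""
# Flag letters from the message. Assumption: exactly one letter, space-padded.
GROUP_FLAGS = {"B": "builtin", "D": "domain group", "L": "local group"}

def parse_schema(text):
    """Return {class name: (MUST attrs, MAY attrs)}, all lower-cased."""
    classes = {}
    for body in re.split(r"objectclass\s*\(", text)[1:]:
        def attrs(keyword):
            m = re.search(keyword + r"\s*\(([^)]*)\)", body)
            return {a.strip().lower() for a in m.group(1).split("$")} if m else set()
        name = re.search(r"NAME\s+'([^']+)'", body).group(1)
        classes[name.lower()] = (attrs("MUST"), attrs("MAY"))
    return classes

def parse_group_flags(value):
    """Map '[D ]' to 'domain group'; reject unknown or malformed values."""
    m = re.fullmatch(r"\[([A-Z])\s*\]", value)
    if not m or m.group(1) not in GROUP_FLAGS:
        raise ValueError("bad groupFlags: %r" % value)
    return GROUP_FLAGS[m.group(1)]

def check_entry(entry, classes):
    """List MUST and groupFlags violations; classes not in `classes` are skipped."""
    e = {k.lower(): v for k, v in entry.items()}
    problems = []
    for oc in e.get("objectclass", []):
        must, _may = classes.get(oc.lower(), (set(), set()))
        problems += ["%s: missing %s" % (oc, a) for a in sorted(must - set(e))]
    for value in e.get("groupflags", []):
        try:
            parse_group_flags(value)
        except ValueError as err:
            problems.append(str(err))
    return problems

CLASSES = parse_schema(SCHEMA)
# Constructed sample entries (not from the message); posixGroup is the assumed
# structural class carrying the auxiliary sambaGroup.
GOOD = {"objectClass": ["posixGroup", "sambaGroup"], "cn": ["Domain Admins"],
        "gidNumber": ["512"], "rid": ["512"], "groupFlags": ["[D ]"]}
BAD = {"objectClass": ["posixGroup", "sambaGroup"], "cn": ["ops"],
       "gidNumber": ["1001"], "groupFlags": ["[X ]"]}
```

Attributes outside MUST are not flagged, because an auxiliary class does not by itself determine which attributes an entry may hold.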