Well, there is an advantage if you are trying to roll your own permissions/policy system. For example, at my work (a research institute), we have our own LDAP to store things like who owns a storage area, who is a member of the group, etc., so that we could get over the NIS limitation of 16 groups for a user. We also have such things defined as "user has sudo rights on this server", "user can modify mailing lists", groups of groups ("member of this lab gets added to these network shares, these permissions on mailing lists, this billing code for purchases, etc."), etc. All depends on what you need to do. I guess short answer: if what a Windows share can do is sufficient for your needs, then yeah, just AD (which is a specific implementation of LDAP) is fine for you.
On Nov 7, 2008, at 4:06 PM, degbert degbert wrote:

My understanding is AD was/is MS's implementation of LDAP (http://en.wikipedia.org/wiki/Active_directory). AD added stuff on top of the base standard to support "group policies". Essentially MS made an LDAP object structure for Windows networks, so that, obviously, Windows clients know what the objects in the LDAP mean and so display them properly in Network Places or whatever.
On Nov 7, 2008, at 12:17 PM, degbert degbert wrote:

Hello,

Sorry for two messages, but I thought it would make more sense to use one
message per question.

Why do so many (but not all) AD howtos mention LDAP? Without configuring LDAP I can use getent passwd or getent group to see the users in the AD.

Is there a benefit to also editing nsswitch to query LDAP?

Degbert.

So there is no advantage to adding ldap to the mix? Excellent, I hoped
that was the answer :)
