Re: [Samba] LDAP Q: What for use Containers
Schlomo Schapiro wrote: Hi, I am planning a Samba3+LDAP installation and was wondering about the use of putting users into different containers on the LDAP server (similar to what people do on NDS/eDirectory). Is it possible to then assign rights, options, ... to the containers and have the users inherit these rights ? What type of 'rights, options,...' are you looking for here? Perhaps you are looking for a feature that could be given via groups, but more specifics are necessary. Having worked a lot in a Novell environment I of course got used to the convenience of assigning rights to containers. Is there currently any support for this in Samba ? Is there something planned to facilitate this feature ? I guess it will also have to go with the host file system ... Any input appreciated, Schlomo -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP Q: What for use Containers
Hi, well, on NDS and Netware you could give file system access rights to a container and then all users in that container would inherit these rights. BTW, Windows and AD also cannot do this. Basically it is a way to not use groups but assign information to objects based on their position in the LDAP tree. I can imagine many more uses, e.g. default servers, logon servers, share access rights, ... The point is, is there any use of the hierarchical structure of the LDAP directory for Samba ? Or does Samba use the LDAP dir only like flat file or SQL DB ? AFAIK there is not yet much or maybe any support for such settings, but I want to discuss why not and wether others find it a useful thing to have. Regards, Schlomo On Tue, 20 Apr 2004, Paul Gienger wrote: Schlomo Schapiro wrote: Hi, I am planning a Samba3+LDAP installation and was wondering about the use of putting users into different containers on the LDAP server (similar to what people do on NDS/eDirectory). Is it possible to then assign rights, options, ... to the containers and have the users inherit these rights ? What type of 'rights, options,...' are you looking for here? Perhaps you are looking for a feature that could be given via groups, but more specifics are necessary. Having worked a lot in a Novell environment I of course got used to the convenience of assigning rights to containers. Is there currently any support for this in Samba ? Is there something planned to facilitate this feature ? I guess it will also have to go with the host file system ... Any input appreciated, Schlomo -- Regards, Schlomo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP Q: What for use Containers
well, on NDS and Netware you could give file system access rights to a container and then all users in that container would inherit these rights. BTW, Windows and AD also cannot do this. This just doesn't conceptually exist in a windows domain; but you might be able to use dynamic groups in OpenLDAP to fake it. Dynamic groups are assembled by the DSA based on a variety of criteria, which could I suppose, include being the leaf of a given container. Basically it is a way to not use groups but assign information to objects based on their position in the LDAP tree. I can imagine many more uses, e.g. default servers, logon servers, share access rights, ... The point is, is there any use of the hierarchical structure of the LDAP directory for Samba ? Or does Samba use the LDAP dir only like flat file or SQL DB ? Samba uses LDAP via a password database, so in many ways it treats them all the same. But you can do alot in the DSA to streamline things. AFAIK there is not yet much or maybe any support for such settings, but I want to discuss why not and wether others find it a useful thing to have. I'd suggest digging into dynamic groups, overlays, etc... in very recent version of OpenLDAP and see if you can achieve what you want. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP Q: What for use Containers
Zitat von Schlomo Schapiro [EMAIL PROTECTED]: Hi, well, on NDS and Netware you could give file system access rights to a container and then all users in that container would inherit these rights. BTW, Windows and AD also cannot do this. My assumptions: Samba can not doe this as nss/the resolver libs cannot do this. Even worse: for the same reason you can't have truely nested groups (though samba does support that a bit). I wish, someone would tell me, I'm wrong. Regards, Malte Mueller Basically it is a way to not use groups but assign information to objects based on their position in the LDAP tree. I can imagine many more uses, e.g. default servers, logon servers, share access rights, ... The point is, is there any use of the hierarchical structure of the LDAP directory for Samba ? Or does Samba use the LDAP dir only like flat file or SQL DB ? AFAIK there is not yet much or maybe any support for such settings, but I want to discuss why not and wether others find it a useful thing to have. Regards, Schlomo On Tue, 20 Apr 2004, Paul Gienger wrote: -- Powered by EWE TEL -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba