[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: memberOf hidden?

To: Pierangelo Masarati <ando@sys-net.it>
Subject: Re: memberOf hidden?
From: Michael StrÃder <michael@stroeder.com>
Date: Mon, 14 Jan 2008 15:50:04 +0100
Cc: openldap-technical <openldap-technical@openldap.org>
In-reply-to: <478B64F2.4050605@sys-net.it>
References: <1200022491.1718.25.camel@naomi> <47873128.6010407@stroeder.com> <1200270901.5772.3.camel@naomi> <478B64F2.4050605@sys-net.it>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071128 SeaMonkey/1.1.7

Pierangelo Masarati wrote:

Andrew Bartlett wrote:

Samba4's clients are written expecting AD's behaviour, and while I might
hope that they would explicitly request the attributes they need, if I
can make such mistakes in my test scripts, so can they...


The addition of this feature is (almost) trivial.  So the decision
should be based on:
  - should this "feature" be exposed to all users, or
  - should it be exposed only to users using samba4 as proxy?

I think the latter. See, my main scope as a consultant is directory integration/consolidation. So my recommendation is that everything should be avoided which turns an OpenLDAP directory into a special Samba4 LDAP backend which is not usable with other LDAPv3 compliant software anymore.

How about such an overlay specially treating * based on <who> like defined in ACLs? Or maybe one should recommend in a deployment note to use this overlay with back-ldap?

Ciao, Michael.

Follow-Ups:
- Re: memberOf hidden?
  - From: Pierangelo Masarati <ando@sys-net.it>

References:
- memberOf hidden?
  - From: Andrew Bartlett <abartlet@samba.org>
- Re: memberOf hidden?
  - From: Michael Ströder <michael@stroeder.com>
- Re: memberOf hidden?
  - From: Andrew Bartlett <abartlet@samba.org>
- Re: memberOf hidden?
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: memberOf hidden?
Next by Date: update with perl
Index(es):
- Chronological
- Thread