Selon J�r�me Fenal <[EMAIL PROTECTED]>: > Salut Lapin(c), > > Comment va depuis notre longue discussion sur Solutions Linux ?
Plutot bien merci :) > > Lapin(c) wrote: > > > I was exploring a local LDAP solution, as it's for a very large network > (1000 > > sites / 100000 users) we want a disjunction between local administration > for > > machines and global administration for users. > > What do you mean for disjunction between local administration and users ? > > Do you mean : > 1. Separation between directory insertion (etheir user or machine) and > local PC admin rights : > - class D people can insert machines, as well as users > - class T people can login to machines as local admin > > 2. Separation between directory insertion (users inserted by some > people, machine by others) and local PC admin rights : > - class M people (local support I guess) can insert local machine, in > the right ou=site,ou=Computers sub-ou > - class D people can insert users (centrally managed I guess), and maybe > Computers > - class T people (see below). > > I guess (read I think, but not yet investigated further) that it could > be done, maybe with the help of LDAP management application and > carefully crafted LDAP ACLs. > I think that, if using IdealX scripts, and different sub-ou > configuration for these, you may can do what you intend to, directly > using Samba and inserting machine directly from the Windows PC. I mean that computers account is a local data and users password is a global data. so I need to separate both information in term of localization, hence for administration. It's mainly a LDAP architecture problem now. > > > What is the size of the biggest site (I beg it is the Lyon one in > Part-Dieu) ? Or maybe Paris'ones. yes they are, the biggest are 300/400 users per site. > > I guess that machine passwords traffic (once per week) would not be that > huge, even on 64kb/s lines > no the study is done to minimize network flow on the backbone. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
