Hi,
Maybe using LDAP REFERRAL ???
-----------------------------------
St�phane PURNELLE [EMAIL PROTECTED]
Service Informatique Corman S.A. Tel : 00 32 087/342467
|---------+--------------------------------------------------------->
| | "Lapin(c)" <[EMAIL PROTECTED]> |
| | Envoy� par : |
| | [EMAIL PROTECTED]|
| | s.samba.org |
| | |
| | |
| | 04/03/2004 14:51 |
| | |
|---------+--------------------------------------------------------->
>-----------------------------------------------------------------------------------------------|
|
|
| Pour : J�r�me Fenal <[EMAIL PROTECTED]>
|
| cc : "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
|
| Objet : Re: [Samba] Re: Multiple DB / fragmented information
|
>-----------------------------------------------------------------------------------------------|
Selon J�r�me Fenal <[EMAIL PROTECTED]>:
> Salut Lapin(c),
>
> Comment va depuis notre longue discussion sur Solutions Linux ?
Plutot bien merci :)
>
> Lapin(c) wrote:
>
> > I was exploring a local LDAP solution, as it's for a very large network
> (1000
> > sites / 100000 users) we want a disjunction between local
administration
> for
> > machines and global administration for users.
>
> What do you mean for disjunction between local administration and users ?
>
> Do you mean :
> 1. Separation between directory insertion (etheir user or machine) and
> local PC admin rights :
> - class D people can insert machines, as well as users
> - class T people can login to machines as local admin
>
> 2. Separation between directory insertion (users inserted by some
> people, machine by others) and local PC admin rights :
> - class M people (local support I guess) can insert local machine, in
> the right ou=site,ou=Computers sub-ou
> - class D people can insert users (centrally managed I guess), and maybe
> Computers
> - class T people (see below).
>
> I guess (read I think, but not yet investigated further) that it could
> be done, maybe with the help of LDAP management application and
> carefully crafted LDAP ACLs.
> I think that, if using IdealX scripts, and different sub-ou
> configuration for these, you may can do what you intend to, directly
> using Samba and inserting machine directly from the Windows PC.
I mean that computers account is a local data and users password is a
global
data. so I need to separate both information in term of localization, hence
for
administration. It's mainly a LDAP architecture problem now.
>
>
> What is the size of the biggest site (I beg it is the Lyon one in
> Part-Dieu) ? Or maybe Paris'ones.
yes they are, the biggest are 300/400 users per site.
>
> I guess that machine passwords traffic (once per week) would not be that
> huge, even on 64kb/s lines
>
no the study is done to minimize network flow on the backbone.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
