> well, on NDS and Netware you could give file system access rights to a > container and then all users in that container would inherit these rights. > BTW, Windows and AD also cannot do this.
This just doesn't conceptually exist in a windows domain; but you might be able to use dynamic groups in OpenLDAP to fake it. Dynamic groups are assembled by the DSA based on a variety of criteria, which could I suppose, include being the leaf of a given container. > Basically it is a way to not use groups but assign information to objects > based on their position in the LDAP tree. I can imagine many more uses, > e.g. default servers, logon servers, share access rights, ... > The point is, is there any use of the hierarchical structure of the LDAP > directory for Samba ? Or does Samba use the LDAP dir only like flat file > or SQL DB ? Samba uses LDAP via a password database, so in many ways it treats them all the same. But you can do alot in the DSA to streamline things. > AFAIK there is not yet much or maybe any support for such settings, but I > want to discuss why not and wether others find it a useful thing to have. I'd suggest digging into dynamic groups, overlays, etc... in very recent version of OpenLDAP and see if you can achieve what you want. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
