--------------

I say:
--------------
First off, you are saying a lot that is "clearly false". LDAP can be used blindly in this case. All I needed is a way to avoid having winbind on system A from assigning UIDs on system B that are different. If the UIDs are not identical on all member unix servers, it screws up permissions on issues like NFS, which still has applications in my world.


----
That is the point of LDAP - you set it up to maintain your unix accounts
and the member machines use it for authentication. Therefore, 1 user, 1
account on all machines that use LDAP for authentication. The
alternative to LDAP for this is NIS and that is not convergent with
samba.


Excuse me, but the assumption that LDAP = posix account repository is so false it isn't even funny. Definition obtainable by STFW:

*LDAP* - Acronym for Lightweight Directory Access Protocol. It is a protocol for accessing information directories such as organizations, individuals, phone numbers, and addresses. It is based on the X.500 directory protocols,

That doesn't say much about storing my account information. And just so we're all clear on what X.500 is:
An ISO <http://www.webopedia.com/TERM/X/ISO.html> and ITU <http://www.webopedia.com/TERM/X/ITU.html> standard that defines how global directories should be structured. X.500 directories are hierarchical <http://www.webopedia.com/TERM/X/hierarchical.html> with different levels for each category of information, such as country, state, and city


That being said,
We do lots of things with our LDAP structure that have really nothing to do with authenticating users, the easiest to explain being storing automount information. Sun uses it for storing lots of crap for general system configuration. Some people use it for DNS. Storing SID->UID mappings is no different since pam/nsswitch doesn't look directly at the idmap object at all to figure out what users are what number, it relies on the nss/pam winbind module for that, which 'can' use LDAP as a data store. LDAP is just a network distributed information database, which happens to be used a lot for account management.


If you're going to come off like a pompous ass, please use a technically valid argument. Just because someone doesn't search the archives, which by the way, doesn't have a search feature, and I'm pretty sure didn't include an ldif for a working idmap backend in the last couple of months, isn't a good reason to go on a flame war.

--
Paul Gienger                     Office:                
Applied Engineering Inc.         Cell:                  
Information Systems Consultant   Fax:                   701-281-1322
URL: www.ae-solutions.com        mailto:[EMAIL PROTECTED]


-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
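
Added example, not part of the original post and not Samba code: a small Python model of the problem discussed in the message, where each member server allocating SID->UID mappings on its own yields different UIDs for the same user, while a single shared mapping store (the role the LDAP idmap backend plays) keeps them identical. The class names, UID range and SIDs are constructed for illustration.

```python
"""Constructed model of winbind-style SID->UID allocation (not Samba code)."""


class IdmapStore:
    """Maps SIDs to UIDs, handing out the next free UID in a fixed range."""

    def __init__(self, low=10000, high=20000):  # range values are assumptions
        self.low, self.high = low, high
        self.next_uid = low
        self.by_sid = {}

    def uid_for(self, sid):
        # First lookup of a SID allocates; later lookups return the same UID.
        if sid not in self.by_sid:
            if self.next_uid > self.high:
                raise RuntimeError("idmap range exhausted")
            self.by_sid[sid] = self.next_uid
            self.next_uid += 1
        return self.by_sid[sid]


class Host:
    """A member server that resolves SIDs through whichever store it is given."""

    def __init__(self, name, store):
        self.name, self.store = name, store

    def resolve(self, sids):
        return {sid: self.store.uid_for(sid) for sid in sids}


def uid_conflicts(view_a, view_b):
    """SIDs both hosts know but map to different UIDs (breaks NFS ownership)."""
    return sorted(s for s in view_a.keys() & view_b.keys() if view_a[s] != view_b[s])


# Constructed sample SIDs; each host sees the users log in in a different order.
ALICE = "S-1-5-21-1111111111-2222222222-3333333333-1001"
BOB = "S-1-5-21-1111111111-2222222222-3333333333-1002"
ORDER_A, ORDER_B = [ALICE, BOB], [BOB, ALICE]


def local_stores():
    a, b = Host("A", IdmapStore()), Host("B", IdmapStore())
    return uid_conflicts(a.resolve(ORDER_A), b.resolve(ORDER_B))


def shared_store():
    shared = IdmapStore()  # stands in for the LDAP-backed idmap store
    a, b = Host("A", shared), Host("B", shared)
    return uid_conflicts(a.resolve(ORDER_A), b.resolve(ORDER_B))
```
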
