> >> The main reason we don't use the Cifs capabilities of the Isilon cluster > >> is that it doesn't support how we use Samba / Ldap. > >> We have 1 LDAP tree, with all little OU's and each OU is the container > >> for 1 domain. > >> We use a filter to make sure that a user that connect to the samba he > >> has access to, only sees his part of the LDAP tree. > >> This filter functionality is something that is not available in the > >> stock samba, it was before, and we patch it back into every samba we use > >> in production. > >> We can't patch it into the Cifs server on the Isilon cluster. > > You should be able to - it's just Samba and so you have > > the source code. > > Is the filter patch more generally useful ? Do you think > > it's worth submitting to the list or as a feature request ? > The filter patch is very usefull and a while back it was in the code. > But as I understood from my colleges is was removed because noone seemed > to understand what you could do with it and therefor noone needed it. We > need it very much and that's why we have reverse engineered the patch > that removed this functionality and patch it back in every time we go to > a new version of Samba.
If ACLs aren't sufficient you certainly can accomplish it via back-meta and rewrite rules, all on the DSA, and keeping a simpler Samba configuration. -- Adam Tauno Williams, Network & Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
