stephane.purnelle@corman.be
2004-Mar-04 13:58 UTC
Re. : Re: [Samba] Re: Multiple DB / fragmented information
Hi,

Maybe using LDAP REFERRAL ???

-----------------------------------
Stéphane PURNELLE stephane.purnelle@corman.be
IT Department, Corman S.A. Tel : 00 32 087/342467

"Lapin(c)" <lapin@linagora.com>
Sent by: samba-bounces+stephane.purnelle=corman.be@lists.samba.org
04/03/2004 14:51

To: Jérôme Fenal <jerome.fenal@logicacmg.com>
cc: "samba@lists.samba.org" <samba@lists.samba.org>
Subject: Re: [Samba] Re: Multiple DB / fragmented information

Quoting Jérôme Fenal <jerome.fenal@logicacmg.com>:

> Hi Lapin(c),
>
> How are things since our long discussion at Solutions Linux?

Pretty well, thanks :)

> Lapin(c) wrote:
>
> > I was exploring a local LDAP solution, as it's for a very large network (1000
> > sites / 100000 users) we want a disjunction between local administration for
> > machines and global administration for users.
>
> What do you mean for disjunction between local administration and users ?
>
> Do you mean :
> 1. Separation between directory insertion (either user or machine) and
> local PC admin rights :
> - class D people can insert machines, as well as users
> - class T people can login to machines as local admin
>
> 2. Separation between directory insertion (users inserted by some
> people, machine by others) and local PC admin rights :
> - class M people (local support I guess) can insert local machine, in
> the right ou=site,ou=Computers sub-ou
> - class D people can insert users (centrally managed I guess), and maybe
> Computers
> - class T people (see below).
>
> I guess (read I think, but not yet investigated further) that it could
> be done, maybe with the help of LDAP management application and
> carefully crafted LDAP ACLs.
> I think that, if using IdealX scripts, and different sub-ou
> configuration for these, you may be able to do what you intend to, directly
> using Samba and inserting machine directly from the Windows PC.

I mean that computer accounts are local data and user passwords are global data, so I need to separate both kinds of information in terms of localization, hence for administration. It's mainly an LDAP architecture problem now.

> What is the size of the biggest site (I bet it is the Lyon one in
> Part-Dieu) ? Or maybe the Paris ones.

Yes they are, the biggest are 300/400 users per site.

> I guess that machine passwords traffic (once per week) would not be that
> huge, even on 64kb/s lines

No, the study is done to minimize network flow on the backbone.
> Hi,
>
> Maybe using LDAP REFERRAL ???

Exactly! I'm testing the new architecture to validate the password life and workflow. Thanks all for your advice. The next problem will be the migration process, but that will be for another ML ;)