samba - Mar 2004 - Re. : Re: Re: Multiple DB / fragmented information

Hi,

Maybe using LDAP REFERRAL ???

-----------------------------------
St?phane PURNELLE                         stephane.purnelle@corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467


|---------+--------------------------------------------------------->
|         |           "Lapin(c)" <lapin@linagora.com>           
|
|         |           Envoy? par :                                  |
|         |           samba-bounces+stephane.purnelle=corman.be@list|
|         |           s.samba.org                                   |
|         |                                                         |
|         |                                                         |
|         |           04/03/2004 14:51                              |
|         |                                                         |
|---------+--------------------------------------------------------->
 
>-----------------------------------------------------------------------------------------------|
  |                                                                             
|
  |        Pour :   J?r?me Fenal <jerome.fenal@logicacmg.com>             
|
  |        cc :     "samba@lists.samba.org"
<samba@lists.samba.org>                               |
  |        Objet :  Re: [Samba] Re: Multiple DB / fragmented information        
|
 
>-----------------------------------------------------------------------------------------------|




Selon J?r?me Fenal <jerome.fenal@logicacmg.com>:
> Salut Lapin(c),
>
> Comment va depuis notre longue discussion sur Solutions Linux ?
Plutot bien merci :)
>
> Lapin(c) wrote:
>
> > I was exploring a local LDAP solution, as it's for a very large
network
> (1000
> > sites / 100000 users) we want a disjunction between local
administration
> for
> > machines and global administration for users.
>
> What do you mean for disjunction between local administration and users ?
>
> Do you mean :
> 1. Separation between directory insertion (etheir user or machine) and
> local PC admin rights :
> - class D people can insert machines, as well as users
> - class T people can login to machines as local admin
>
> 2. Separation between directory insertion (users inserted by some
> people, machine by others) and local PC admin rights :
> - class M people (local support I guess) can insert local machine, in
> the right ou=site,ou=Computers sub-ou
> - class D people can insert users (centrally managed I guess), and maybe
>   Computers
> - class T people (see below).
>
> I guess (read I think, but not yet investigated further) that it could
> be done, maybe with the help of LDAP management application and
> carefully crafted LDAP ACLs.
> I think that, if using IdealX scripts, and different sub-ou
> configuration for these, you may can do what you intend to, directly
> using Samba and inserting machine directly from the Windows PC.
I mean that computers account is a local data and users password is a
global
data. so I need to separate both information in term of localization, hence
for
administration. It's mainly a LDAP architecture problem now.
>
>
> What is the size of the biggest site (I beg it is the Lyon one in
> Part-Dieu) ? Or maybe Paris'ones.
yes they are, the biggest are 300/400 users per site.
>
> I guess that machine passwords traffic (once per week) would not be that
> huge, even on 64kb/s lines
>
no the study is done to minimize network flow on the backbone.




--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

> 
> 
> Hi,
> 
> Maybe using LDAP REFERRAL ???
> 
exactly !
i'm testing the new architecture  to validate the password life and
workflow.

thanks all for your advices.

next problem will be the migration process but it will be for an other ML ;)