On Wed, 9 Nov 2022, Rowland Penny via samba wrote:> On 09/11/2022 12:29, Kees van Vloten via samba wrote:
>>>
>> You're right about kerberos, it sends encrypted data.
>> But reading the use-case: create, modify, delete, (etc.) accounts, I
don't
>> see how that can be done with kerberos alone.
>
> You can do most of those with samba-tool, the only problem would be
'modify'.
> You can rename a user with samba-tool, but if want to just change an
> attribute value, you will need to write a script around ldbsearch and
> ldbmodify.
We are actually doing this right now, from PHP through SSH. But the overhead
of starting a SSH-session, starting smb-tool and then doing the operation
for every user is too much when we have thousands of users. We also have the
need to create and remove hundreds of users every spring and autumn.
That's why we want to use a library in PHP and LDAP instead. If I understood
my colleague correctly we can decrese the time for each operation at least
one order of magnitude.
--
Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020