Hello Marc,
In my environment (~5000 accounts, over 500 client devices) only relatively
small part (lets say, 20%) relays on Samba. But all authentication issues
relays on LDAP. As I wrote before, we have perfectly working, tuned and well
known dedicated LDAP server, which can be even switched to commercially
supported solution (Red Hat Directory Server). It is developed for years,
scalable, stable as rock, etc. I have tons of scripts that do various LDAP
tasks, I have commercial tools to managing it. Now, migrating
business-critical service to a new product (Samba Internal LDAP), which was
created, so to say, as a side effect (correct me if I'm wrong) and which is
still under development (e.g.: user-defined schemas are still experimental,
as Samba FAQ says) doesn't sounds for me like a good idea.
I'm sure that Samba AD works perfectly for all operations related to SMB/AD
and I'm not agains that. I've read why developers choose that way and I
totally agrees with that. I don't want to push all the Windows attributes in
external LDAP. But also I'd like to let the external LDAP the rest of
authentication/authorisation issues (not related to Windows Auth). In such
scenario, the possibility to synchronise passwords is very important.
Otherwise we are going backwards.
--
best regards,
Tomasz
--
View this message in context:
http://samba.2283325.n4.nabble.com/passwd-program-in-samba4-tp4647906p4648535.html
Sent from the Samba - General mailing list archive at Nabble.com.