[Kolab-devel] Integration of Kolab2 and Samba

Ingo Steuwer steuwer at univention.de
Fri Jul 13 09:13:24 CEST 2007 

Am Donnerstag, 12. Juli 2007 17:00 schrieb Martin Konold:
> Am Mittwoch 13 Juni 2007 schrieb Ingo Steuwer:
>
> Hi Ingo,
>
> > > 1.2 Possible solution
> > >
> > > Kolab with Samba integrated uses exclusivly Samba as a backend for
> > > authentification. Basically this means that SASL is not using LDAP
> > > directly but Samba as a backend.

[ -- cut some technical problems which may be solved in various ways --]

> > > On the other hand SIDs are much more expressive and selfdescribing.
> > > When looking at a SID you can immediately determine if it is a user or
> > > a group.
> >
> > Mhm, you need at least to search for it in LDAP, AFAIK the number alone
> > follows now convention.
>
> A typical SID look like S-1-5-21-2334373287-406835450-3753124356-1110.
>
> "S-1-5-21" contains a version number and a reference to the windows
> security subsystem.
> "2334373287-406835450-3753124356" is the authority of the issueing system
> and "1110" is the relativ authority.
>
> SIDs are _globally_ unique and a lookup is very cheap in order to figure
> out further details about this user/group.

Yes, they are _globally_ unique over users and groups -- you can't determine 
by the SID if it is a user or a group, only by the LDAP-objectClass. So 
having a straight-forward NIS-Mapping may return a group-name if you were 
asking for a user with a given ID.

> > > Make Kolab totally independent from UID/GID concept. Actually the
> > > number of places where UID/GID is used in Kolab is very limited and not
> > > really needed.
> >
> > This would make Kolab totally unusable in Linux-desktop szenarios which
> > want to authenticate against LDAP...
>
> I tend to disagree as this would make Kolab independent on unix UID/GID but
> still allow to put Unix UID/GID info in the LDAP tree for legacy
> applications.

"legacy applications" like KDE/Kontact?

Regards
Ingo Steuwer

> Regards,
> -- martin konold

-- 
Ingo Steuwer           Projektmanagement        steuwer at univention.de
Univention GmbH        Linux for your Business  fon: +49 421 22 232-43
Mary-Somerville-Str.1  28359 Bremen             fax: +49 421 22 232-99
                       http://www.univention.de

More information about the devel mailing list