| Version 8 (modified by jsalamero@…, 4 years ago) (diff) |
|---|
Users and Groups
make plain sldap listen on loopback and use ldaps or TLS for 0.0.0.0
Better management of built-in groups
If you create a group named users, it cause the file shares based in the "Edit group" page to be un-accessible. The unix group becomes "USERS" which will not work with the generated smb.conf file. I believe this is because a conflict with a local group that already contains that name. I guess checking for local groups could prevent this problem.
Ability to set UID/GID
Move all the NSS stuff from the samba module to the usersandgroups module
There might be some modules that need to use LDAP users besides the Samba one. Right now the ebox-samba module is the one doing all the nsswitch.conf and libnss-ldap.conf configuration.
It would be better to push these configuration changes to the usersandgroups module so other modules that need LDAP users don't need to depend on Samba.
Changes required:
- usedFiles: move /etc/ldap.conf, /etc/ldap.secret and /etc/nsswitch.conf to usersandgroups' usedFiles
- file generation
o NSS ldap.conf: right now done in _setSambaConf in Samba.pm, it just seems to rely in:
my $ldap = EBox::Ldap->instance(); my $ldapconf = $ldap->ldapConf(); my $users = EBox::Global->modInstance('users'); so there should be no problem in moving the NSS ldap.conf file generation to the usersandgroups module.
o nsswitch.conf: created in the script ebox-samba-enable, called from enableActions in Samba.pm, move to a ebox-init-ldap script in usersandgroups o ldap.secret: created in the script ebox-samba-enable, called from enableActions in Samba.pm, move to ebox-init-ldap script in usersandgroups
It would also make sense to move the creation of the /home directories to this module.
Right now they are created in Samba, and users end up in /home/samba/users/, they should be created in /home/ directly.
Probably all the samba stuff should go somewhere else like /home/_samba/, /srv/samba/, ...
