Pierangelo Masarati wrote:
Andrew Bartlett wrote:
Samba4's clients are written expecting AD's behaviour, and while I might hope that they would explicitly request the attributes they need, if I can make such mistakes in my test scripts, so can they...
The addition of this feature is (almost) trivial. So the decision should be based on:
- should this "feature" be exposed to all users, or
- should it be exposed only to users using samba4 as proxy?
I think the latter. See, my main scope as a consultant is directory integration/consolidation. So my recommendation is that everything should be avoided which turns an OpenLDAP directory into a special Samba4 LDAP backend which is not usable with other LDAPv3 compliant software anymore.
How about such an overlay specially treating * based on <who> like defined in ACLs? Or maybe one should recommend in a deployment note to use this overlay with back-ldap?