I have not used LDAP with Samba. So far I have not needed it. I know that it can be used for login authentication and to give users single sign on and I have not had any requests for that. We just use Samba with system user accounts for login authentication.

Now my client wants better permission control. We are looking at Novell NDS where you can add user to a share, a sub directory inside a share or even just a single file inside a share and give that user the ability to write but not delete or create but not modify or dozens of other permissions that do not fit in the rwxrwxrwx limits of the Linux FS. We realy have a big need for these features but our curent Samba setup does not do that. To do this would be to setup a complicated tree of groups and seperate the shares in to dozens of even hundreds of smaller shares.

Can Samba + LDAP or any other combination of Open Source software give us the permission control that we expect from NDS?