Comment 15 for bug 24184

The cleanest way to do this is to not use /etc/passwd or the smb database and switch the entire user/password infrastructure to LDAP. This would of course be quite a large undertaking as it would affect much more than just SAMBA, but it might be well worth it for future growth, especially when it comes to enterprise use.