[Samba] Re: LDAP account management tools?
Andreas Haumer
andreas at xss.co.at
Wed Dec 14 20:52:38 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi!
Craig White schrieb:
> On Wed, 2005-12-14 at 18:29 +0100, Andreas Haumer wrote:
>
[...]
>>
>>An (incomplete) list of those "best practice" topics might include:
>>
>>* overall layout of LDAP tree
>> Deep or shallow? What ou should be there?
>
> ----
> not really a samba issue
> ----
>
>>* how to store passwords
>> cleartext? crypt? SSHA? MD5? What are the pros and cons?
>
> ----
> not really a samba issue
> ----
>
Agreed, but still these decisions have to be made if a
LDAP database is to be set up and used as system
account database, with or without Samba.
And for me (and I'm sure for many others, too) Samba
(read: the release of Samba3 with much improved LDAP
support) was the main reason to deep into the universe
of LDAP directories and account databases.
>>* where to store machine trust accounts?
>> Should you sub-structure your accounts ou or not?
>>* use DSA for NSS, PAM, Samba, Radius, replication, etc.?
>> pros? cons? Impact on ACL?
>>* Where to store the sambaDomainName entry?
>> (directly at the tree root or use your own ou?)
>>* best way on how to configure your ACL
>>* Which tools should one use to change user passwords?
>> smbldap tools? Web GUI? PAM with pam_ldap?
>
> ----
> Methinks that the future samba wiki might be a good place for this
> ----
>
I agree.
This even might be sort of a "standardisation driving force"
for LDAP system account database structure. Currently there
doesn't seem to exist such standard (apart from very basic
things)
- - andreas
- --
Andreas Haumer | mailto:andreas at xss.co.at
*x Software + Systeme | http://www.xss.co.at/
Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0
A-1100 Vienna, Austria | Fax: +43-1-6060114-71
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDoIYVxJmyeGcXPhERAlu+AJwJW2fdJVN5lJ+5anky2Uq0vHetmQCfVGXL
hA6SGWWrwqVli8yhe98U+aI=
=Tsge
-----END PGP SIGNATURE-----
More information about the samba
mailing list