[Samba] Samba + LDAP

John H Terpstra jht at samba.org
Fri Oct 12 04:58:36 GMT 2007


On Thursday 11 October 2007 22:57, Daniel L. Miller wrote:
> Are the IDEALX tools necessary for "complete" integration with LDAP?  Or
> is the built-in support sufficiently advanced now?
>
> Daniel

Daniel,

What function do you believe the IDEALX tools serve?  Why do you think these 
scripts are needed?  What makes you think that "built-in support" might be 
the right (or best) solution?

Have you read the Samba documentation? Specifically, is there anything in the 
Samba3-HOWTO or in Samba3-ByExample that would lead you to believe that there 
is any attempt to supersede the necessity for the IDEALX tools (or an 
alternative set of scripts that is external to Samba itself)?

What does "complete" integration with LDAP mean to you?

You are not the first person to ask questions like these.  It would help me to 
write more useful documentation if I could better understand what is behind 
the questions.

In case you do not know of the books "Samba3-HOWTO" and "Samba3-ByExample", 
they can be obtained from:

	http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
	http://www.samba.org/samba/docs/Samba3-ByExample.pdf

The IDEALX tools are a means of creating and managing UNIX user and group 
accounts in the LDAP directory.  Samba can then create and manage the Windows 
(SambaSAM) account information that is necessary to support Windows network 
activities.

As a network administrator, I want total control over how UNIX accounts are 
managed in my LDAP directory and I would not want this done by Samba - 
particularly if that removes my ability to control how this is done.  Your 
mileage may vary, but I suspect most UNIX administrators who manage Samba 
would not want to lose control of the UNIX part of the directory.

For example, if Samba had total control over all Windows networking (Samba) 
accounts, and the Windows network administrator deletes a user account, but 
the user also has vital UNIX files, how should the deletion of the UNIX 
account information be handled?

By keeping the LDAP administration scripts that impact the UNIX account 
management separate from the Windows (Samba) account part, the administrator 
can exercise greater control over.  - Just my $0.02 worth.

Cheers,
John T.
