integration NT-Dom, LDAP (Netscape, Openldap), Email

[Ingo T. Storm]

Hi,

sorry, I do know that this is not exactly the right list to post to, but it
is the best place (with the brightest minds) I could find. If you think this
is of no interest here, please just ignore it.

I manage an NT-Domain (soon to be 3 or 4 with full trust relationships). My
some 100 users are mainly simple Windows (95 through W2K) desktop users who
don't know too much about differences between Windows password, NT domain
password, email accounts and the like, so I want a single logon to all
services (except W9x windows "passwords"). Currently the domain has NT-PDCs
and BDCs and a very nice mail server called mailsite that uses the NT SAM
for authentication. I successfully run Linux Samba (2.06) servers with and
without domain integration and Linux servers for all internet services
except email (http, ftp, squid, socks, mailing lists, firewalling with
ipchains), so I am not exactly a newbie - i just don't see the big picture
yet.

I would like to move this whole thing to

- a Samba PDC and about 5 BDCs in different network segments (some over slow
WAN links)
- an LDAP server as a department directory service
- Unix/Linux smtp, pop and imap servers auth'ing against PDC/LDAP
- SOCKS with authentication against the PDC/LDAP if possible

I assume that the single logon can only be acheived via PAM and LDAP.

I've read lots of HOWTOs and FAQs but I cannot find a guide on how to
integrate all the services and get a single logon to all of them. Does
anyone have any nice pointers? Something to get me Samba talking to LDAP
(which I do yet not fully understand) would be a very nice starting point.

Cheers and sorry to bother those not interested,

Ingo