LDAP questions ...

C.Lee Taylor leet at leenx.co.za
Fri Oct 26 05:50:56 GMT 2001


Greetings ...

	Thanks go to all the Samba team, as always this includes users, 
developers and people who help other Samba people.

	Been waiting a while to get Samba 2.2.2 and now that I have, I have 
recompiled with ldapsam and started playing.

	Things seem great on my devs box, just wanting to find out a few things 
( double check ) ... I know that ldap is still in development, and I 
guess that I might not even get a reply, but I thought that I would try.

	After searching the internet for information regarding Samba and LDAP, I 
found very little that made sense to me or was right, like the readme in 
/doc/samba-2.2.2/examples/LDAP. It states that Samba is not able to 
access the LDAP data, but has to have it exported to smbpasswd.  Since 
this was right before Samba 2.2.2, but not any more ... The LDAP stuff 
might still be very basic and in development, but it is a start, at 
least for me.  ( Thanks again guys ) ...

	With all the information that I find, I am going to try and write some 
docs for the LDAP stuff ( I will have someone proofread it, and turn 
it back into English before I put it out into the wild. )

	Now with the questions.

	If one uses LDAP to store the password ( lmPassword & ntPassword ), does 
this mean that the unix ( userPassword ) will not be changed when a user 
changes their password? If this is the case, could someone explain to 
me why.  It was possible to do this with smbpasswd.

	If one uses "obey pam restrictions = yes" is there a need for Samba to 
keep its account details as well as shadow account details ... ie ( 
pwdLastSet == shadowLastChange ) and so on ...

	I would like to use LDAP to store all my users details and information in 
one place, I am sure that is what a lot of other people are wanting too. 
  I like to take the minimalist approach.  In LDAP I wish to keep as 
little information as possible, keep some system wide defaults. Like 
smbHome and things like that.  I been able to change one thing in one 
place and have it do its job, but after testing the LDAP support in 
Samba, I found that for a user having an LDAP account, it added all the 
LDAP attrib's.  I am sure that I read on the list a while ago, that 
somebody submitted a patch that would give a little flexibility with 
this.  If the attrib's for the user were not found in LDAP, it would 
use the system defaults. Has this patch not been added to the system, or 
is there another option I should set?

	Also, could someone explain what each attrib means/does ...

	Something to do with the samba.schema, displayName conflicts with 
inetorgperson.schema ( RFC2798 ), easy to fix on my side, thought I would 
just put it out there.

	I have more questions, but first would like to look at these and see what 
info I can get and take it from there.

Thanks.
Mailed
Lee




