[PATCH] Provisioning external LDAP server

Endi Sukma Dewata edewata at redhat.com
Thu Feb 11 18:04:45 MST 2010

----- "Andrew Bartlett" <abartlet at samba.org> wrote:

> > So basically the responsibility to create an LDAP server with the
> > right configurations for Samba is left to the LDAP administrator.
> > We can provide step-by-step instructions, but they will be manual
> > steps. The provisioning tool will not do this.
> The problem is, I don't like manual steps either :-).  Where I guess I'm
> going is that the public interface 'provision' needs to be kept very
> simple - I'm much less worried about what is then inside it.  

> Perhaps a better option would be to have separate scripts that do
> exactly what you want, but are kept away from where our admins would
> normally look.  

Ok, how about creating a script called create-backend and it takes
parameters required to setup the LDAP server, for example:
* Install directory
* Admin DN
* Admin password
* Suffix
* Server account
* LDAP Port

The list of parameters doesn't need to be extensive because the admin
can further customize it if needed. But the list should be much simpler
than the provisioning parameters. I hope we wouldn't need to specify the
domain SID here.
The provisioning tool itself will take the ldap-external-uri parameter
as I described previously. If you don't specify this parameter, it
will create the internal LDAP server like right now. What do you think?

Endi S. Dewata

More information about the samba-technical mailing list