[Samba] Samba and LDAP backend - howto docs problems?

Graham Leggett minfrin at sharp.fm
Wed Mar 10 17:55:30 GMT 2004


John H Terpstra wrote:

>>Samba's LDAP configuration exists in the smb.conf file. pam_ldap /
>>nss_ldap's configuration exists in the ldap.conf file.

> Samba works with OpenLDAP, Sun iPlanet (Identity Server), IBM Tivoli
> Directory server, CA's product, Novell eDirectory, etc. So precisely how
> do you suggest we integrate all of these plus Samba so there is no
> duplication _AND_ so that the resulting code can be maintained?

All the software you've listed are LDAP servers, I was referring to 
nss_ldap, an LDAP client whose config is found in /etc/ldap.conf, which 
as you explain below is required for a proper functioning Samba + LDAP 
system.

I understand that nss_ldap runs on a number of platforms, which means it 
is reasonably safe to assume that /etc/ldap.conf will be there, and if 
it's not there, the existing LDAP config directives can be used as a 
fallback, or Samba can be taught other places to look for the system's 
LDAP config.

> In my opinion, Samba has to remain independant of ALL system tools.

I agree, but Samba requires nss_ldap - if Samba is to maintain a 
separate LDAP config from nss_ldap, then I would say that Samba should 
not need the services of nss_ldap - it should be able to query this 
information for itself.

> Given that Samba is Open Source software, who has responisbility to affect
> perfect integration? How will all the projects get integrated security and
> authentication support?
> 
> Just remember:
> 	- The Samba-Team is not a massive corporation
> 	- We do not control any other project we may depend on
> 
> So precisely HOW can we solve all these difficulties? I can not provide a
> better answer, other than the need for Open Source and Commercial open
> public software standards - something I am already working towards
> privately.

By starting to address the fact that Samba is IMHO unnecessarily 
complex. Work should be done on finding ways to simplify the config and 
the operation of Samba, by looking for duplication and over-complex 
elements, and finding elegant ways to simplify them. Samba's ability to 
perform useful things doesn't amount to anything, if it takes a PHD to 
figure out how those useful things work.

> The HOWTO is a document that aims to expound HOW the tools can be used.
> The Samba-3 by Example book aims to provide working solutions. It is
> unrealistic to attempt to do both in one book. Even as it is, the HOWTO is
> too big. The major improvement I have planned for the HOWTO is improved
> indexing - in time this will happen. As to content - please contribute.

I think it would be far more valuable to spend time simplifying the 
software rather than trying to add even more documentation, of which 
there is already a significant amount.

Regards,
Graham
--



More information about the samba mailing list