> I learn however that this is _not_ so - if nss_ldap is not configured 
> correctly, Samba + LDAP won't work. Which leads me on to ask: Why does 
> Samba not read the LDAP configuration from ldap.conf by default, instead 
> of asking for the same information a second time?

Because I may not be using nss_ldap at all. I could be storing users in
/etc/passwd as usual and only the Samba attributes in LDAP. Flexibility,
which comes at a price :)

> This is also a security issue - the root DN password for the LDAP server 
> is stored twice. It is also a usability issue - six months from now is 
> my replacement going to know that the LDAP password needs to be set in 
> two places? Of course not.

There is some other discussion going on which relates to this, about password
policies. In the future Samba may not need the LDAP root password.

> 2) Too Much Rope
> When users / groups / etc are added to Samba via the normal Windows 
> based admin tools, Samba allows the user to specify a script to do the 
> job. This is a virtually infinitely flexible solution.
> But the average (99% of cases) system administrator does not need an 
> infinitely flexible system, but rather a system that will get the job 
> done with as little fuss as possible, and in as standard a way as 
> possible, so that third party LDAP database editing tools need not be 
> modified for this particular system's quirks.

Perhaps a standard script included in the samba package and already configured
in smb.conf would help?

