[Samba] Re: LDAP account management tools?

Andreas Haumer andreas at xss.co.at
Wed Dec 14 20:52:38 GMT 2005



Hi!

Craig White wrote:
> On Wed, 2005-12-14 at 18:29 +0100, Andreas Haumer wrote:
> 
[...]
>>
>>An (incomplete) list of those "best practice" topics might include:
>>
>>* overall layout of LDAP tree
>>  Deep or shallow? What ou should be there?
> 
> ----
> not really a samba issue
> ----
> 
>>* how to store passwords
>>  cleartext? crypt? SSHA? MD5? What are the pros and cons?
> 
> ----
> not really a samba issue
> ----
> 

Agreed, but still these decisions have to be made if an
LDAP database is to be set up and used as a system
account database, with or without Samba.

And for me (and I'm sure for many others, too) Samba
(read: the release of Samba3 with much improved LDAP
support) was the main reason to dive deep into the universe
of LDAP directories and account databases.

>>* where to store machine trust accounts?
>>  Should you sub-structure your accounts ou or not?
>>* use DSA for NSS, PAM, Samba, Radius, replication, etc.?
>>  pros? cons? Impact on ACL?
>>* Where to store the sambaDomainName entry?
>>  (directly at the tree root or use your own ou?)
>>* best way on how to configure your ACL
>>* Which tools should one use to change user passwords?
>>  smbldap tools? Web GUI? PAM with pam_ldap?
> 
> ----
> Methinks that the future samba wiki might be a good place for this
> ----
> 
I agree.

This might even be sort of a "standardisation driving force"
for LDAP system account database structure. Currently there
doesn't seem to exist such a standard (apart from very basic
things).

- andreas

--
Andreas Haumer                     | mailto:andreas at xss.co.at
*x Software + Systeme              | http://www.xss.co.at/
Karmarschgasse 51/2/20             | Tel: +43-1-6060114-0
A-1100 Vienna, Austria             | Fax: +43-1-6060114-71

