[Samba] smb-ldap or not to smb-ldap

Craig White craigwhite at azapple.com
Sat Apr 1 14:10:32 GMT 2006

On Sat, 2006-04-01 at 12:56 +0100, Antony Gelberg wrote:
> [Sorry for my previous empty post, lost it for a second.]
> Craig White wrote:
> > On Fri, 2006-03-31 at 16:30 +0100, Antony Gelberg wrote:
> > 
> >>Hi all,
> >>
> >>We are deploying a Linux server and desktops for a customer.  We will
> >>have the users and groups in LDAP on the server, and files shared via NFS.
> >>
> >>However, one never knows if Windows desktops will be needed in the
> >>future.  Is it a good idea to add users with smb-ldap even if samba is
> >>not initially used, as adding the samba attributes to an existing LDAP
> >>database is painful, and the smb-ldap created users will have the
> >>relevant POSIX credentials to be able to login anyway?
> > 
> > ----
> > It would seem to me that a successful LDAP implementation is going to
> > have an administrator who can script changes to the users attributes
> > when necessary, otherwise, it's not just a down the road implementation
> > of samba that will make things difficult.
> > 
> > My thinking is that time spent now to acquire skill sets is better than
> > spending time to configure an imagined samba implementation which may
> > happen down the road.
> You're right, but time is not always that easy to come by and
> smbldap-tools is a real time-saver, being so powerful.
> > That being said, it probably won't hurt anything to implement
> > smbldap-tools but consider that the real issue is the tool sets you use
> > to create/modify existing users outside of the samba realm must all
> > anticipate the samba schema because the smbldap-tools are for samba
> > based tools.
> There is no requirement to have users who aren't part of the samba realm
> i.e. with POSIX login only, so we can always use the smbldap-tools
> toolset.  Or did I misunderstand your point?
yeah, I think you did miss the point - not that it was very important.

He's asking about pre-configuring smbldap-tools without an intention or
a plan to implement for the near future as a just in case proposition
because he doesn't know how to go back in add attributes/objectclasses
to his existing DSA.

I'm suggesting that learning to do that would likely be a better
investment in time than trying to calculate what an unneeded samba setup
would look like so he can configure it now in anticipation. I'm
suggesting that the problem down the road won't be because he didn't
configure smbldap-tools out now, but more likely to be not knowing how
to manipulate the entries in LDAP on a mass scale.


More information about the samba mailing list