[Samba] Samba 3 by Example - chapter 5 & 6 ( Manager -> sambaadmin)

John H Terpstra jht at samba.org
Fri Mar 3 04:38:46 GMT 2006

On Thursday 02 March 2006 01:38, Gordon Messmer wrote:
> adrian sender wrote:
> > I am sticking to the documentation, (samba 3 by example by jht)
> > excellent book!;
> Yes, it's an excellent book.  I have a copy, myself.  However, you won't
> get anywhere "sticking to" its LDAP documentation.
> The LDAP documentation in "Samba-3 by Example" is BAD.  Very bad.  It
> completely abrogates any discussion of security as a matter that the
> user should be expert enough to handle, and gives example configuration
> files that are completely open to attack.  It would have been better to
> ignore the LDAP server's configuration entirely and explicitly state
> that admins are expected to be able to do it on their own.

Where were you when I asked for feedback and review? 

When will you provide updates to the documentation that improve its real 

I hope you are willing to contribute corrections and improvements and not just 
criticism. All contributions are most appreciated.

> Further, "Samba-3 by Example" assumes that you have a working directory,
> to begin with.  Using OpenLDAP, you must create the containers (using

Please explain this claim? 

Where does chapter 5 of "Samba-3 by Example" make that assumption?

Are you sure that chapter 5 does not provide clean-slate installation 
instructions that create a fully working LDAP directory that has been 
correctly populated?

> slapadd, or ldapadd and the "rootdn") before you can bind and populate
> the directory with other tools.  This is covered in the quickstart guide:
> http://www.openldap.org/doc/admin23/quickstart.html
> I think you should follow Craig's advice, get your hands on a copy of
> "LDAP System Administration", and go through it carefully.  LDAP is a
> wonderful enabling technology, but if you don't understand how it works,
> you'll get terrible performance, and risk exposing private data.

I have no argument with this advice - but please be careful that you do not 
needlessly scare people off from using LDAP.

- John T.

More information about the samba mailing list