[Samba] Samba 3 by Example - chapter 5 & 6 ( Manager ->
sambaadmin)
John H Terpstra
jht at samba.org
Fri Mar 3 04:38:46 GMT 2006
On Thursday 02 March 2006 01:38, Gordon Messmer wrote:
> adrian sender wrote:
> > I am sticking to the documentation, (samba 3 by example by jht)
> > excellent book!;
>
> Yes, it's an excellent book. I have a copy, myself. However, you won't
> get anywhere "sticking to" its LDAP documentation.
>
> The LDAP documentation in "Samba-3 by Example" is BAD. Very bad. It
> completely abrogates any discussion of security as a matter that the
> user should be expert enough to handle, and gives example configuration
> files that are completely open to attack. It would have been better to
> ignore the LDAP server's configuration entirely and explicitly state
> that admins are expected to be able to do it on their own.
Where were you when I asked for feedback and review?
When will you provide updates to the documentation that improve its real
value?
I hope you are willing to contribute corrections and improvements and not just
criticism. All contributions are most appreciated.
> Further, "Samba-3 by Example" assumes that you have a working directory,
> to begin with. Using OpenLDAP, you must create the containers (using
Please explain this claim?
Where does chapter 5 of "Samba-3 by Example" make that assumption?
Are you sure that chapter 5 does not provide clean-slate installation
instructions that create a fully working LDAP directory that has been
correctly populated?
> slapadd, or ldapadd and the "rootdn") before you can bind and populate
> the directory with other tools. This is covered in the quickstart guide:
> http://www.openldap.org/doc/admin23/quickstart.html
>
> I think you should follow Craig's advice, get your hands on a copy of
> "LDAP System Administration", and go through it carefully. LDAP is a
> wonderful enabling technology, but if you don't understand how it works,
> you'll get terrible performance, and risk exposing private data.
I have no argument with this advice - but please be careful that you do not
needlessly scare people off from using LDAP.
- John T.
More information about the samba
mailing list