[Samba] Checklist for eDirectory back-end?

Mike Hogan mhogan at theiteam.ca
Wed Nov 15 04:36:44 GMT 2006 

Thanks for the response.

I've been scheduled to work with our Novell Guru tomorrow.  He's
suggesting we use a DirXML link between AD and a Windows 2003 server to
"fake" the authentication.  The ultimate goal, though, is to get it
working with eDirectory.

I'll let you know if we figure something out - the Novell fellow is
optimistic that we should be able to do this with universal passwords
(which we do use and mirror from the real passwords) and LDAP calls.

We'll see.

Mike


On 14/11/2006, at 11:24 AM, David Harrison wrote:
> On 11/11/2006, at 1:10 PM, Patricio A. Bruna wrote:
>
>> You have to look in Novell site.
>> maybe start in:
>> http://www.novell.com/coolsolutions/appnote/11788.html
>
> You may run into trouble as you follow this document through as it  
> assumes you have a Novell Open Enterprize Server in the directory  
> tree.
> The process of adding an OES system to the tree extends the schema  
> in a number of not clearly documented ways.
> If you are not running OES then extending the schema to work with  
> correctly with Linux User Manager as described is a very difficult  
> task, I could not get it to work on a vanilla eDirectory install  
> with all the relevant schema extensions applied (that is the  
> extensions I could identify through trial and error).
>
> If you do get Samba/eDirectory authentication working by following  
> this article without resorting to adding OES to the tree I would  
> like to hear how.
> Considering the power of Samba and Novell's financial interest in  
> it you would assume getting eDirectory to work with it cleanly  
> would be a much simpler task than what is described above.

Sorry I was mistaken the Novell document I was referring to which  
references Linux User Manager and OES is this one:
http://wiki.novell.com/index.php/OES_as_PDC

The document referenced above (http://www.novell.com/coolsolutions/ 
appnote/11788.html) does not utilise Universal Password or provide  
any identification functionality above basic user access. This maybe  
what you are after but personally I would prefer something that did  
not require users to maintain multiple passwords, integrates with  
other Windows/Samba servers more closely and provided the smooth  
administration experience of the iManager LUM plug-in.

More information about the samba mailing list