[Samba] Samba + LDAP
John H Terpstra
jht at samba.org
Fri Oct 12 04:58:36 GMT 2007
On Thursday 11 October 2007 22:57, Daniel L. Miller wrote:
> Are the IDEALX tools necessary for "complete" integration with LDAP? Or
> is the built-in support sufficiently advanced now?
>
> Daniel
Daniel,
What function do you believe the IDEALX tools serve? Why do you think these
scripts are needed? What makes you think that "built-in support" might be
the right (or best) solution?
Have you read the Samba documentation? Specifically, is there anything in the
Samba3-HOWTO or in Samba3-ByExample that would lead you to believe that there
is any attempt to supercede the necessity for the IDEALX tools (or an
alternative set of scripts that is external to Samba itself)?
What does "complete" integration with LDAP mean to you?
You are not the first person to ask questions like these. It would help me to
write more useful documentation if I could better understand what is behind
the questions.
In case you do not know of the books "Samba3-HOWTO" and "Samba3-byExample"
they can be obtained from:
http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
http://www.samba.org/samba/docs/Samba3-ByExample.pdf
The IDEALX tools are a means of creating and managing UNIX user and group
accounts in the LDAP directory. Samba can then create and manage the Windows
(SambaSAM) account information that is necessary to support Windows network
activities.
As a network administrator, I want total control over how UNIX accounts are
managed in my LDAP directory and I would not want this done by Samba -
particularly if that removes my ability to control how this is done. Your
mileage may vary, but I suspect most UNIX administrators who manage Samba
would not want to lose control of the UNIX part of the directory.
For example, if Samba had total control over all Windows networking (Samba)
accounts, and the Windows network administrator deletes a user account, but
the users also has vital UNIX files, how should the deletion of the UNIX
account information be handled?
By keeping the LDAP administration scripts that impact the UNIX account
management separate from the Windows (Samba) account part, the administrator
can exercise greater control over. - Just my $0.02 worth.
Cheers,
John T.
More information about the samba
mailing list