[Samba] Samba + LDAP
Guenter Kukkukk
linux at kukkukk.com
Fri Oct 12 07:13:00 GMT 2007
Am Freitag, 12. Oktober 2007 06:58 schrieb John H Terpstra:
> On Thursday 11 October 2007 22:57, Daniel L. Miller wrote:
> > Are the IDEALX tools necessary for "complete" integration with LDAP? Or
> > is the built-in support sufficiently advanced now?
> >
> > Daniel
>
> Daniel,
>
> What function do you believe the IDEALX tools serve? Why do you think these
> scripts are needed? What makes you think that "built-in support" might be
> the right (or best) solution?
>
> Have you read the Samba documentation? Specifically, is there anything in the
> Samba3-HOWTO or in Samba3-ByExample that would lead you to believe that there
> is any attempt to supercede the necessity for the IDEALX tools (or an
> alternative set of scripts that is external to Samba itself)?
>
> What does "complete" integration with LDAP mean to you?
>
> You are not the first person to ask questions like these. It would help me to
> write more useful documentation if I could better understand what is behind
> the questions.
>
> In case you do not know of the books "Samba3-HOWTO" and "Samba3-byExample"
> they can be obtained from:
>
> http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
> http://www.samba.org/samba/docs/Samba3-ByExample.pdf
>
> The IDEALX tools are a means of creating and managing UNIX user and group
> accounts in the LDAP directory. Samba can then create and manage the Windows
> (SambaSAM) account information that is necessary to support Windows network
> activities.
>
> As a network administrator, I want total control over how UNIX accounts are
> managed in my LDAP directory and I would not want this done by Samba -
> particularly if that removes my ability to control how this is done. Your
> mileage may vary, but I suspect most UNIX administrators who manage Samba
> would not want to lose control of the UNIX part of the directory.
>
> For example, if Samba had total control over all Windows networking (Samba)
> accounts, and the Windows network administrator deletes a user account, but
> the users also has vital UNIX files, how should the deletion of the UNIX
> account information be handled?
>
> By keeping the LDAP administration scripts that impact the UNIX account
> management separate from the Windows (Samba) account part, the administrator
> can exercise greater control over. - Just my $0.02 worth.
>
> Cheers,
> John T.
Hi John,
there is ongoing work to avoid (some) external scripts
http://wiki.samba.org/index.php/Ldapsam_Editposix
Cheers, Guenter
More information about the samba
mailing list