[Samba] Samba + LDAP

Guenter Kukkukk linux at kukkukk.com
Fri Oct 12 07:13:00 GMT 2007 

Am Freitag, 12. Oktober 2007 06:58 schrieb John H Terpstra:
> On Thursday 11 October 2007 22:57, Daniel L. Miller wrote:
> > Are the IDEALX tools necessary for "complete" integration with LDAP?  Or
> > is the built-in support sufficiently advanced now?
> >
> > Daniel
> 
> Daniel,
> 
> What function do you believe the IDEALX tools serve?  Why do you think these 
> scripts are needed?  What makes you think that "built-in support" might be 
> the right (or best) solution?
> 
> Have you read the Samba documentation? Specifically, is there anything in the 
> Samba3-HOWTO or in Samba3-ByExample that would lead you to believe that there 
> is any attempt to supercede the necessity for the IDEALX tools (or an 
> alternative set of scripts that is external to Samba itself)?
> 
> What does "complete" integration with LDAP mean to you?
> 
> You are not the first person to ask questions like these.  It would help me to 
> write more useful documentation if I could better understand what is behind 
> the questions.
> 
> In case you do not know of the books "Samba3-HOWTO" and "Samba3-byExample" 
> they can be obtained from:
> 
> 	http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
> 	http://www.samba.org/samba/docs/Samba3-ByExample.pdf
> 
> The IDEALX tools are a means of creating and managing UNIX user and group 
> accounts in the LDAP directory.  Samba can then create and manage the Windows 
> (SambaSAM) account information that is necessary to support Windows network 
> activities.
> 
> As a network administrator, I want total control over how UNIX accounts are 
> managed in my LDAP directory and I would not want this done by Samba - 
> particularly if that removes my ability to control how this is done.  Your 
> mileage may vary, but I suspect most UNIX administrators who manage Samba 
> would not want to lose control of the UNIX part of the directory.
> 
> For example, if Samba had total control over all Windows networking (Samba) 
> accounts, and the Windows network administrator deletes a user account, but 
> the users also has vital UNIX files, how should the deletion of the UNIX 
> account information be handled?
> 
> By keeping the LDAP administration scripts that impact the UNIX account 
> management separate from the Windows (Samba) account part, the administrator 
> can exercise greater control over.  - Just my $0.02 worth.
> 
> Cheers,
> John T.

Hi John,

there is ongoing work to avoid (some) external scripts

http://wiki.samba.org/index.php/Ldapsam_Editposix

Cheers, Guenter

More information about the samba mailing list