On Fri, 2005-01-14 at 08:46, Aleksandar Milivojevic wrote: > > Ah, now we are getting back to something actually relevant to fedora. > > It would be really nice if a packaged LDAP configuration worked out > > of the box and included the schemas needed for a posix account, a samba > > account, and the mail delivery stuff that sendmail and postfix can > > use for distributing mail with user@domain addressing across multiple > > machines, along with tools to manage the database. Does this exist > > somewhere? All the versions I've seen involve customizing the schemas > > and I've always been afraid that as soon as I did that a working but > > incompatible version would become part of the distribution. > > AFAIK, Fedora comes with all standard schema files distributed with > OpenLDAP. This includes posixAccount object class (part of nis.schema, > and guess what, slapd.conf as shipped in Fedora RPM includes it at the > very beggining). There's one additional schema file for autofs inthere > too. Check /etc/openldap/schema directory for more. If you need to add > some "nonstandard" schema, such as for example the one describing > Kerberos principals, or the one used by Sendmail > (/usr/share/sendmail-cf/sendmail.schema), simply drop it into that > directory and include it from slapd.conf or include it directly from > wherever it originally lives (if it is already part of an RPM, such as > the one for Sendmail). > > I don't have Samba installed anywhere handy to check it out, but I'd > venture that its schema file is included in Samba RPM, or at least in > Samba's doc RPM (simply copy it over to your LDAP server). Yes, the bits and pieces are all there, although I'm not sure the mail part is really standard (do sendmail/postfix/cyrus all use the same thing, and what about aliases and groups?), but how useful is it if you can't expect all versions to match? You also need a tool that populates all of the common fields at once. By default you probably want the posix, samba, and email accounts to match without typing them again and you'll want to change passwords in one place and affect them all. Redhat/fedora has the market share to become the standard if they just shipped something that came up working as installed. I doubt if anyone else can do that now. -- Les Mikesell les@xxxxxxxxxxxxxxxx
