On Wed, 2005-03-23 at 20:12 -0600, Paul wrote:
> On Wed, 2005-03-23 at 18:17 -0600, Les Mikesell wrote:
> > On Tue, 2005-03-22 at 23:50, Paul wrote:
> > > Well they vary from small (a few hundred) to large (hundreds of
> > > thousands of entries). I'm thinking of the smaller side of the spectrum
> > > where you are dealing with a fairly flat structure. I believe that SELS
> > > 9 includes a plugin to Yast to do that.
> >
> > The LDAP database everyone who doesn't already have one wants would have
> > PosixAccount and SambaAccount schemas set up so you make one entry and
> > change your password in one place and you can log in to any Linux/Unix
> > box on the net and also use it as your Windows domain controller with
> > same login/passwords. Nice, but less essential would be the addressbook
> > entries that work with Outlook and other MUA's, and the email delivery
> > entries that work with sendmail to allow distributed mailboxes. Isn't
> > this stuff close enough to a standard that it could work out of the box?
> > That is, have a checkbox item to make a machine an LDAP server like the
> > one to make it a client.
>
> I agree it should be pretty much like that ... launch a wizard, input
> the base dn, check to see if samba is installed and ask if you want it
> to use OpenLDAP for authentication and if it is the primary or backup
> domain controller update the smb.conf and have it populate a basic tree.
>
> SuSE Enterprise 9 supposedly has that functionality with a yast
> plugin ... I have not had a chance to play with SELS 9 yet.
>
> Fedora should have something like system-config-ldap would be nice to
> have to make RH/Fedora better for small organizations with a part-time
> or single person IT staff.
>
> I've looked at several GUI tools to manage OpenLDAP, but they are either
> too generic or not maintained and don't support Samba 3 schema or have
> stability issues.
----
lam
http://sourceforge.net/projects/lam

webmin
http://www.webmin.com

personally - I use Webmin...of course, the initial LDAP setup is manual but once structure is in place, I can channel all interaction (manage user accounts, groups etc. for Posix and Samba accounts, even create user addressbooks, free/busy URL's etc. in LDAP DSA

This is the second time you mentioned SELS 9 but I've always seen it stated as SLES 9 (SuSE Linux Enterprise Server) - just checking if you are referring to the same thing

Often discussed (and I get yelled at by John Terpstra - maintainer of Samba Documentation) on the samba@xxxxxxxxxxxxxxx mail list

Concept is turnkey LDAP/Samba - they use the IDEALX scripts - no doubt that SLES 9 is using some implementation of them. It all sounds real good but you end up with administrators that aren't entirely certain what LDAP is, how to maintain it, how to fix it, how to secure it and how to get other applications to work with it. People are pulling their hair out trying to get it to work before they understand the first thing about LDAP.

My own personal favorite question/answer goes like this...

Q) how come I can't get XXXX application to work with LDAP?
A) what happens when you use that information in cli - ldapsearch ...
Q) I have gotten that to work for me

The questions from the users on that list are really really ugly - they are trying to set up LDAP and samba at the same time and they haven't the first clue where the setup problems of one begin and the other one ends.

I can see your point though - the need to have network administration by dummies - those that don't know the technologies, the security implications, can't troubleshoot and can't even articulate a question that describes the problem that they are having...only that they know it isn't working. I guess I'm happy believing that Microsoft had this niche well served. I can see the motivation for Novell/SuSE to make a grab for this market though.

Watching the masses turn off SELinux on this list because they don't get it should be a clue as to how well a Samba/LDAP turnkey solution is going to go over...lots of angst hurled in every direction.

Craig