On Thu, 2005-03-24 at 21:00 -0600, Les Mikesell wrote:
> On Thu, 2005-03-24 at 18:59, Craig White wrote:
> > see this is what confuses me - k12ltsp is thin clients for Linux server.
> > Windows domain controller seems to be totally out of purview of k12ltsp.
>
> First, the thin clients are not the issue: users log into the server via
> xdm. The problem is that a server handles only 30 or so clients and
> they want to be able to set up hundreds of terminals with minimal
> per-server setup (and no per-client setup...). Their solution is to NFS
> export the home directories to all the servers and do network
> authentication. Then any number of other servers can be used and
> any user can log in at any terminal. Most already have Windows boxes
> and Macs on the network and many are happy about being able to
> teach in a heterogenous environment. They use login scripts on the
> windows boxes to map the user's home directory as a drive at login - some
> with roaming profiles to allow anyone to log in anywhere. Some are
> booting macs as thin clients - I think others use X under OSX and log
> into the k12ltsp servers from there. I don't see anything confusing
> about wanting to do this.
----
OK well - one size fits all LDAP just isn't gonna cover all this - nor
can it. I would take a slightly different approach in each of these
various scenarios
----
> > The purpose of the IDEALX scripts is to facilitate the use of
> > Microsoft's 'User Manager for Domains' utility aka usrmgr.exe
>
> I think being able to manage passwords in one place regardless of
> the platform(s) where you log in is the main point.
----
but IDEALX scripts provide the absolute minimum necessary beyond what
Windows needs - if Windows isn't part of the scenario - IDEALX scripts
and using usrmgr.exe is a rather pointless exercise.
----
>
> > While this tool does a reasonable job for Windows attributes, it falls
> > far short in all other areas so the IDEALX scripts too end up being
> > mostly inadequate for a more comprehensive solution.
>
> Yes, there have been several people asking about web/GUI programs to
> manage the LDAP data. And others reporting varying degrees of success.
----
most people write their own - I use webmin <http://www.webmin.com> and
some 'gap' scripting
----
>
> > Based on my experience on samba@xxxxxxxxxxxxxxx and turnkey installation
> > of IDEALX scripts, there is going to be a LOT of pain, anguish,
> > frustration and recrimination going on in k12ltsp arena if they actually
> > implement this.
>
> And the other options would be????
----
learning LDAP
----
>
> > Surely you're not expecting this discussion on this list to get anything
> > done in this regard.
> > ---
>
> I guess I was hoping that things weren't really as bad as I thought and
> someone would point me to an ldap-config.rpm package. Sort of like
> what happens when you ask about something simple like a video
> recorder with a bunch of codecs ...
----
there isn't any LDAP fairy dust - sorry
----
>
> > In fact, this is the ugly truth about LDAP - once you finally get
> > it...you get it. Until then, it's a bitch. So to implement even a core
> > LDAP setup without a full understanding, you can't troubleshoot, you
> > can't fix it, you can't even describe what it is that isn't working.
> > It's a tragedy that I see playing out daily on the samba list. They've
> > now moved much of that traffic over to ldap-interop list so it plays in
> > two separate arenas now.
>
> I suppose the practical way to deal with it is something like:
> http://tools.arlut.utexas.edu/gash2/ which keeps all your
> user data in a totally independent database and exports it
> in formats to work with everything that needs it. It just sounds
> like horrible overkill not to use the system native tools.
----
I guess I don't see the point of substituting one horribly complex
non-standard system for a somewhat complex standard system.

The solution seems rather obvious to me - learn how to use LDAP. All of
the FUD seems almost self defeating. While there isn't any magic LDAP
fairy dust - it is technology that people can grasp and use. It's
flexible and durable. The biggest problem people have is that they want
to grasp the knowledge via visible tools - a GUI - and it doesn't lend
itself well to that. Sure there are GUI browsers but they don't work
until you get it set up and working and people want to use it to set
LDAP up and make it work.

The answer is simple...

Use the LDAP administrators guide at openldap or better yet, the book
that made it easy for me...Gerald Carter's LDAP System Administration
(he's one of the dudes from samba) book is getting a little dated but
it gets you there.

Learn how to use the tools that are provided...ldapmodify/ldapadd/ldapsearch.

Once you get that, you got it made.

Craig