On Thu, 2005-03-24 at 23:02, Craig White wrote:

> ----
> OK well - one size fits all LDAP just isn't gonna cover all this - nor
> can it. I would take a slightly different approach in each of these
> various scenarios
> ----

That's the part of this conversation that hasn't made any sense to me yet. How can setting up a server to include all of the attributes that a different set of clients might query 'not work' even if you don't use some or all of those clients?

> > > The purpose of the IDEALX scripts is to facilitate the use of
> > > Microsoft's 'User Manager for Domains' utility aka usrmgr.exe
> >
> > I think being able to manage passwords in one place regardless of
> > the platform(s) where you log in is the main point.
> ----
> but IDEALX scripts provide the absolute minimum necessary beyond what
> Windows needs - if Windows isn't part of the scenario - IDEALX scripts
> and using usrmgr.exe is a rather pointless exercise.
> ----

Why does it matter how you manage the contents of the directory? The point is that you need the samba/domain setup to be available if you ever connect with windows. How can it hurt for it to be already done on the server even if you don't plug in a windows box until next week?

> > And the other options would be????
> ----
> learning LDAP
> ----

Why wouldn't you want a setup exactly like one that you know works in a lot of other places? Creating a unique setup is usually the worst thing you can possibly do.

> > I suppose the practical way to deal with it is something like:
> > http://tools.arlut.utexas.edu/gash2/ which keeps all your
> > user data in a totally independent database and exports it
> > in formats to work with everything that needs it. It just sounds
> > like horrible overkill not to use the system native tools.
> ----
> I guess I don't see the point of substituting one horribly complex
> non-standard system for a somewhat complex standard system.

The horribly complex system is designed to deal with any number of other complex non-standard systems. That is, it provides its own GUI and concept of permissions to manage the data and then can update whatever other bizarre systems you want, including windows domains, unix passwd files, and probably ldap.

> While there isn't any magic LDAP fairy dust - it is technology that
> people can grasp and use. It's flexible and durable.

Yes, but what good is a server unless it supplies what the clients request? And why would one network of Linux, Windows, and Mac boxes need/want something different than any other network that wants to be ready to use any of these?

> The biggest problem people have is that they want to grasp the knowledge
> via visible tools - a GUI - and it doesn't lend itself well to that.

Hence the Ganymede concept, which does, but at a horrible cost...

> Use the LDAP administrators guide at openldap or better yet, the book
> that made it easy for me...Gerald Carter's LDAP System Administration
> (he's one of the dudes from samba) book is getting a little dated but it
> gets you there.

OK, if I could learn it from something written down, why can't I copy in an existing, working config, change the dn and be working? That is, why would one person following the book end up with something different from another person that wants to cover the same range of clients?

> learn how to use the tools that are
> provided...ldapmodify/ldapadd/ldapsearch. Once you get that, you got it
> made.

Those are all simple enough other than the bizarre syntax for searching, but it doesn't tell me what the clients are going to request or why my clients might be different from yours. Or why it would hurt to include the things your clients use too, even if I don't run the same ones yet.

--
Les Mikesell
les@xxxxxxxxxxxxxxxx