Greetings I am nearing being prepared to get our corporate network from Active Directory to samba3 with ldap. The last hurdle is to get an administrative interface to the ldap repository containing the users and Groups. I,m hoping for some recommendations. I have attempted the following. Samba Console: http://imc.sourceforge.net/samba-console.html The difficulty I'm having is that it is recommended to install from rpm. Our samba servers are gentoo distributions and hence not rpm distributions. I attemted installing from source but after a good few hours of effort ran into some difficulty that I figured may take more time than I have to resolve. Gosa: https://gosa.gonicus.de/ I've gotten this to work, somewhat. It required me to change my tree structure slightly but it is running. It also requires the addition of objectclasses in ldap which I had difficulty finding documentation for. It also behaves in such a way that when I edit a user with a dn of uid=username,ou=People.. it deletes the object and adds an object with a dn of cn=First last,ou=People.... and the objectclasses and attributes that I have that gosa does not recognize in the user object are then gone. (heimdal kerberos keys specifically). LAM: http://lam.sourceforge.net/ Installed this and I may have set it up incorrectly but I do not see an interface to change group membership. Looks like this is intended as a supplement to some other method of managing membership?? User Manager for domains: Call me old fashioned but I'm just a bit afraid of counting on a microsoft product to manage users, groups and group membership. What I'm looking for is for some anecdotes on the most practical interface to succeed at this. I'd be perfectly comfortable with just writing a few perl scripts and using a generic ldap interface. The issue is that there are 3 other admins here that would not be comfortable with that. I'll struggle through any of these or others to get it to work. Even if it takes modifying one to get what I am looking for. Right now I feel like I am struggling through all of them and not getting where I would like to be. Looking for advice. Once again, thank you in advance for all recommendations. -- Dirk Bartley Systems Administrator Schupan Aluminum Sales www.schupanalum.com
On Thu, 15 Jun 2006, Dirk H Bartley wrote:> I am nearing being prepared to get our corporate network from Active > Directory to samba3 with ldap. The last hurdle is to get an > administrative interface to the ldap repository containing the users and > Groups. I,m hoping for some recommendations. > > I have attempted the following. > > Samba Console: > http://imc.sourceforge.net/samba-console.html[CUT]> > Gosa: > https://gosa.gonicus.de/[CUT]> > LAM: > http://lam.sourceforge.net/[CUT]> User Manager for domains:[CUT]> > Once again, thank you in advance for all recommendations.I tried a couple of the above, but decided to use http://phpldapadmin.sourceforge.net We still use the smbldap command line stuff for adding users and such. The web front end is good for the less experienced folks to manipulate attributes.
Robin Mordasiewicz wrote:> On Thu, 15 Jun 2006, Dirk H Bartley wrote: > >> I am nearing being prepared to get our corporate network from Active >> Directory to samba3 with ldap. The last hurdle is to get an >> administrative interface to the ldap repository containing the users and >> Groups. I,m hoping for some recommendations. >> >> I have attempted the following. >> >> Samba Console: >> http://imc.sourceforge.net/samba-console.html > [CUT] >> >> Gosa: >> https://gosa.gonicus.de/ > [CUT] >> >> LAM: >> http://lam.sourceforge.net/ > [CUT] >> User Manager for domains: > [CUT] >> >> Once again, thank you in advance for all recommendations. > > I tried a couple of the above, but decided to use > http://phpldapadmin.sourceforge.net > > > We still use the smbldap command line stuff for adding users and such. > The web front end is good for the less experienced folks to manipulate > attributes.Personally, I still use the command line method as well...but I think what you may be looking for is SWAT -- the Samba Web Administration Tool. Not sure if you can incorporate smbldap-tools into it or not? Best, Ryan
I like: http://ldapadmin.sourceforge.net/ Very small executablen & no installation required. Only works from windows workstations, obviously... MJ
On Thu, 2006-06-15 at 14:13 -0400, Dirk H Bartley wrote:> Greetings > > I am nearing being prepared to get our corporate network from Active > Directory to samba3 with ldap. The last hurdle is to get an > administrative interface to the ldap repository containing the users and > Groups. I,m hoping for some recommendations. > > I have attempted the following. > > Samba Console: > http://imc.sourceforge.net/samba-console.html > The difficulty I'm having is that it is recommended to install from rpm. > Our samba servers are gentoo distributions and hence not rpm > distributions. I attemted installing from source but after a good few > hours of effort ran into some difficulty that I figured may take more > time than I have to resolve. > > Gosa: > https://gosa.gonicus.de/ > I've gotten this to work, somewhat. It required me to change my tree > structure slightly but it is running. It also requires the addition of > objectclasses in ldap which I had difficulty finding documentation for. > It also behaves in such a way that when I edit a user with a dn of > uid=username,ou=People.. it deletes the object and adds an object with a > dn of cn=First last,ou=People.... and the objectclasses and attributes > that I have that gosa does not recognize in the user object are then > gone. (heimdal kerberos keys specifically). > > LAM: > http://lam.sourceforge.net/ > Installed this and I may have set it up incorrectly but I do not see an > interface to change group membership. Looks like this is intended as a > supplement to some other method of managing membership?? > > User Manager for domains: > Call me old fashioned but I'm just a bit afraid of counting on a > microsoft product to manage users, groups and group membership. > > What I'm looking for is for some anecdotes on the most practical > interface to succeed at this. I'd be perfectly comfortable with just > writing a few perl scripts and using a generic ldap interface. The > issue is that there are 3 other admins here that would not be > comfortable with that. > > I'll struggle through any of these or others to get it to work. Even if > it takes modifying one to get what I am looking for. Right now I feel > like I am struggling through all of them and not getting where I would > like to be. Looking for advice. > > Once again, thank you in advance for all recommendations.---- check out the samba wiki... http://wiki.samba.org/index.php/Samba_%26_LDAP Craig