Tony,
It is very impressive that you successfully installed Samba and
OpenLDAP. I am working on Samba + OpenLDAP integration. So I have a few
questions for you.
1) Samba needs the computer account to end with $; however, with LDAP as a
host name service, $ is not working. How do you design your ou=Computers
or ou=Hosts subtree to solve this problem?
2) You did not use smbldap-tools, then what do you use to migrate NIS
passwd and group and hosts into LDAP?
Thanks a lot.
Steve
> People,
>
> I came to Samba 3 or 4 weeks ago and now have a successful ldapsam 3.0.11
> PDC installation for 1150+ users (around 80 Win 2000 and XP workstations)
> running together with a DHCP server as an "afterthought" service on a
> RHAS3 NAS server.
>
> I adopted/adapted my already existent OpenLDAP (2.2.17) DSE at that site
> and wrote to this list about my experiences. For example I couldn't use
> the samba-ldap tools, hadn't reached Appendix A of the Official Samba
> HOWTO yet and had to reinvent the wheel (my solution turned out to be that
> detailed in Appendix A).
>
> I noticed on this list, that many people expect Samba/LDAP to be an
> out-of-the box solution without really understanding the ins and outs of
> LDAP. Sometimes the standard solutions don't work for them and they don't
> know why.
>
> Choosing the right version of OpenLDAP and configuring it correctly are
> not child's play. It is not intuitive. Problems can come with:
>
> Which OpenLDAP version to use
> How to configure it best for Samba
> How to configure Sleepycat BDB
> DSE/DIT architecture
> SSL/TLS configuration
> ACL design
> Security
> Sources of information on the web, FAQs.
>
> A suitable mailing list for these things would be ideal. However, the
> OpenLDAP mailing list does not allow application-oriented questions; they
> are considered OT.
>
> The list master of the following mailing list has told me that samba LDAP
> people would be welcome there. Subscribers to that list include many
> OpenLDAP ML people who are open to discussion about the above topics and
> more, and can help with them and more.
>
> For more info, go to:
>
> http://lists.fini.net/mailman/listinfo/ldap-interop
>
> LDAP is one of the most powerful concepts in present-day networking and a
> single Data Base can be used for many more applications than Samba.
>
> Best,
>
> --Tonni
>
> --
> mail: tonye@billy.demon.nl
> http://www.billy.demon.nl
>
>
--
Regards,
Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293