Wed, 11.05.2005 at 15:27, Leonard Tulipan wrote:

> Sorry, if this has been dealt with before, but I couldn't find it.

Hi Leonard!

> I tried installing openldap 2.2 + samba 3. Currently I only have one
> install of openldap 2.0 and samba 2.2 running.
>
> Now, it all looks quite good, but the smbldap-tools do not add the
> necessary structuralobjectClass entries, so using the tools fails.
> I was able to manually change the first populate - which could be
> exported as an ldif.
> I had a quick look inside the perl scripts, but it looks like one
> probably needs to touch ALL of them.

Maybe one does. I have vented umpteen spews against the smbldap tools on this list. The basis has always been, the scripts' naivety. They cater for a gang of kiddies with no knowledge of LDAP and kid them along that they've done a good job when things work the Samba way, but make it impossible for the kiddies thenceforth to develop their LDAP database structure into what the LDAP architects had envisaged.

> Has anybody done this? Should I revert back to an older openldap version
> which doesn't enforce ldap v3 structuralobjectClass?

No way revert! Older OpenLDAP versions (i.e. anything before 2.1, which itself is at present lying on its deathbed, because it's useless for loaded production systems) are to be regarded as cadavers. Those administering them as deadibones.

> any tips and pointers are greatly appreciated

Basically, learn OpenLDAP *LONG* before you learn Samba. Or Postfix, or Courier, or Pykota or whatever. OpenLDAP is the holy grail within Unix, as far as authentication and authorization are concerned. It is the only sustainable way of realizing SSO (Single Sign On).

Learning and adapting LDAP long before you begin with Samba will teach you exactly what weaknesses the Samba LDAP model introduces. (Open)LDAP confers a completely open method of establishing an authentication model. There is no such strict regime as the smbldap tools infer and implement. For those with the racism laws stuck up their derrières, the smbldap tools confer a kind of racism. "You can't be anything other than white". "Oh, why not?" "Because we say so".

In my - disjointed - (Open)LDAP model a group may be in any container I choose. E.g., maybe I have a base dn of dc=example,dc=edu. Under that, maybe, (which I do), I have Posix groups cn=teachers, cn=pupils, cn=staff, cn=directors, whatever. Under cn=teachers etc. I have all my Posix account teachers. My system can cope with them all, since I write my own (disjointed) scripts to make them all. And consequently execute them all. The secret is the Samba 3 binary utilities that knit the whole together.

Who said that the smbldap scripts are in any way capable of initiating a Postfix account, a Courier account, a Pykota account? Of course they're bleeding well not. They're utterly useless at doing anything other than racist things, entirely confined to Samba.

So what tools is one supposed to use to make LDAP records for each user comprising Samba, Postfix, Courier, Pykota and GDM, ssh, etc.? Answer: learn ksh, bash, shell, awk, the Samba binary utilities, and use them to write your tools. Try to make them work together, as far as possible.

Sheesh ...

--Tonni

--
Nothing sucksseeds like a pigeon without a beak ...
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl
They'll love us, won't they? They feed us, don't they? ...
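An added example, not part of the original thread: a small sh/awk check, in the spirit of the "write your own tools" advice above, that reads an LDIF export and lists entries carrying no structural objectClass, which is the condition OpenLDAP 2.2 rejects. The `STRUCTURAL` list is a hand-picked subset of standard and Samba 3 schema classes, and the sample LDIF is constructed for illustration.

```shell
#!/bin/sh
# Added example. STRUCTURAL is a hand-picked subset of structural classes
# (assumption); extend it from the schema files your slapd actually loads.
STRUCTURAL="person organizationalPerson inetOrgPerson account organization organizationalUnit posixGroup sambaDomain"

# Reads LDIF on stdin; prints the DN of every entry that has no structural
# class. Folded lines are joined; base64 ("attr:: ") values are not decoded.
missing_structural() {
    awk -v classes="$STRUCTURAL" '
    BEGIN { n = split(tolower(classes), c, " ")
            for (i = 1; i <= n; i++) structural[c[i]] = 1 }
    function handle(line,   p, attr, val) {
        p = index(line, ":")
        if (p == 0) return
        attr = tolower(substr(line, 1, p - 1))
        val = substr(line, p + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (attr == "dn") dn = val
        else if (attr == "objectclass" && (tolower(val) in structural)) ok = 1
    }
    function flush_entry() {
        if (dn != "" && !ok) print dn
        dn = ""; ok = 0
    }
    { sub(/\r$/, "") }                       # tolerate CRLF exports
    /^#/ { next }                            # LDIF comment
    /^ / { cur = cur substr($0, 2); next }   # folded continuation line
    { handle(cur); cur = "" }                # previous logical line is complete
    /^$/ { flush_entry(); next }             # blank line ends the entry
    { cur = $0 }
    END { handle(cur); flush_entry() }'
}

# Constructed sample: only the first entry has a structural class.
sample_ldif() {
    cat <<'EOF'
dn: ou=Users,dc=example,dc=edu
objectClass: organizationalUnit

dn: uid=alice,ou=Users,dc=example,dc=edu
objectClass: top
objectClass: posixAccount
objectClass: sambaSamAccount

dn: cn=Domain Admins,ou=Groups,dc=example,
 dc=edu
objectClass: sambaGroupMapping
EOF
}
sample_ldif | missing_structural
```

Feed it a real export with `slapcat | missing_structural` or the LDIF produced by the populate step before loading it into the newer server.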