Am Freitag, 12. Oktober 2007 06:58 schrieb John H Terpstra: > On Thursday 11 October 2007 22:57, Daniel L. Miller wrote: > > Are the IDEALX tools necessary for "complete" integration with LDAP? Or > > is the built-in support sufficiently advanced now? > > > > Daniel > > Daniel, > > What function do you believe the IDEALX tools serve? Why do you think these > scripts are needed? What makes you think that "built-in support" might be > the right (or best) solution? > > Have you read the Samba documentation? Specifically, is there anything in the > Samba3-HOWTO or in Samba3-ByExample that would lead you to believe that there > is any attempt to supercede the necessity for the IDEALX tools (or an > alternative set of scripts that is external to Samba itself)? > > What does "complete" integration with LDAP mean to you? > > You are not the first person to ask questions like these. It would help me > to > write more useful documentation if I could better understand what is behind > the questions. > > In case you do not know of the books "Samba3-HOWTO" and "Samba3-byExample" > they can be obtained from: > > http://www.samba.org/samba/docs/Samba3-HOWTO.pdf > http://www.samba.org/samba/docs/Samba3-ByExample.pdf > > The IDEALX tools are a means of creating and managing UNIX user and group > accounts in the LDAP directory. Samba can then create and manage the Windows > (SambaSAM) account information that is necessary to support Windows network > activities. > > As a network administrator, I want total control over how UNIX accounts are > managed in my LDAP directory and I would not want this done by Samba - > particularly if that removes my ability to control how this is done. Your > mileage may vary, but I suspect most UNIX administrators who manage Samba > would not want to lose control of the UNIX part of the directory. > > For example, if Samba had total control over all Windows networking (Samba) > accounts, and the Windows network administrator deletes a user account, but > the users also has vital UNIX files, how should the deletion of the UNIX > account information be handled? > > By keeping the LDAP administration scripts that impact the UNIX account > management separate from the Windows (Samba) account part, the administrator > can exercise greater control over. - Just my $0.02 worth. > > Cheers, > John T.
Hi John, there is ongoing work to avoid (some) external scripts http://wiki.samba.org/index.php/Ldapsam_Editposix Cheers, Guenter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba