smbldap installer on FC9

Rick Stevens ricks at nerd.com
Tue Jan 13 18:00:25 UTC 2009


Craig White wrote:
> On Mon, 2009-01-12 at 22:29 -0500, Robert Moskowitz wrote:
>> Craig White wrote:
> 
>>> The alternative is to actually learn how LDAP works and then you can do
>>> anything you want with it.
>> Like the aforementioned developer?
> ----
> He was an educator, not a software developer. At some point, someone has
> to give thought/effort towards creating a sustainable software package
> and not just something that worked at a given point in time.
> 
> In the end though, I have always felt that if you install LDAP as a
> primary authentication system and can't maintain it because you
> installed as a turnkey and never really understood how it worked, you
> were just asking for disaster to strike you.

Yup.  I use LDAP authentication for a bunch of machines that used to
have quasi-synchronized passwd and group files.  There were conflicts
galore but they've been sorted out now.

I used RPM-based pam/nss stuff, but the LDAP (and back-end BDB) were
built from tarballs so I could have the latest (these systems had to be
PCI-compliant).  It's not hard but neither is it trivial and you do need
to know how it all works.  The fiddly bits most people have problems
with are the SASL/Kerberos things to secure the LDAP communications and
making sure the redundant LDAP servers do indeed replicate between each
other correctly.

Any network-based authentication system (LDAP, NIS, NIS+, AD) is, by
definition, more complex than a local file-based solution and if you're
going to use it, you had better understand how all the bits interrelate
or you're asking for trouble.  But, then again, if it was easy everyone
would do it!
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
- Life:  That which happens while you search for the remote control. -
----------------------------------------------------------------------
