
Re: [K12OSN] sourceforge thin-client project



On Wed, 18 Dec 2002, Steve Wright wrote:

>Jonathan Bartlett wrote:
>
>>If you wanted to really abstract it out, there are two other services you
>>might do:
>>
>
>Hey J,
>
>>
>>a) Authentication services - this would be an LDAP server combined with
>>a Samba PDC using the LDAP database that could be used to authenticate
>>students anywhere on the network.  This would take quite a bit of work to
>>get right, but we could probably make it quite a bit better than Active
>>Directory.
>>
>
>LDAP may be the foundation to build it all on.  Clearly, centralised 
>admin is essential in a multi-server ready system.
>
>I am not a Samba expert, but I cannot imagine it would be a lot of work 
>to plug samba into LDAP.  Once the deed was done, the advantage would be 
>- never touch another Samba .conf file again - and I'm sure many would 
>be thrilled with that idea.

Shahms King and I have already done much of the footwork on this one.
Samba has LDAP code thanks to Shahms and I've been working on the LDAP
configuration/management.

  ftp://k12linux.mesd.k12.or.us/pub/samba-ldap/
  ftp://k12linux.mesd.k12.or.us/pub/ldaphacks/

We've been running Samba+LDAP in production for about two years now.

>>b) File-sharing services - a machine which provides home directories and
>>shared filesystems for users.  Exported via Samba, Netatalk, and NFS.
>>Also configurable through the GUI to automatically add home directories as
>>users first log in.
>>
>
>again, if we can abstract these services, they can plug on top of LDAP. 
> It seems to me - a properly installed unix system is a fully abstracted 
>one - where all user credentials and system settings are centralised, 
>whereby eliminating the sometimes-difficult task of configuring 
>everything manually.
>
>Perhaps I am misled in my belief - that this level of simplicity and 
>automated intereration can be achieved.  I can see the end product - the 
>technical details I will collect along the way.  8-)
>
>There is a disadvantage, perhaps, to this level of abstraction, and that 
>is - we may lose the ability to customise individual users, or classes 
>of users.  I am probably showing my lack of knowledge in LDAP with that 
>statement, however..  8-)

I don't see an easy way of storing file permissions in an LDAP server.

Samba, Netatalk, and NFS all are similar enough that it should be possible
to configure each based off a centralized config file. In theory anyways,
I haven't actually tried to do it yet ;-)

-Eric




