[K12OSN] Samba/LDAP how-to in OO format

David Trask
Wed Jun 16 23:07:57 UTC 2004

"Support list for opensource software in schools." <k12osn at redhat.com>
>Re 1. In that case why is bdb not the default in slapd.conf as provided 
>by the FC2 openldap-servers rpm?  I suspect that David simply used what 
>was there, not changing the backend.  I'm not trying to disagree - just 
>to point out that if this is now the standing recommendation then in 
>addition to changing the how-to it should be changed in the slapd.conf 
>provided by the rpm.

I simply used what was there...I did think about changing to bdb, but
decided I was having enough trouble as it was.  The smbldap folks from
idealx...continue to use ldbm

>Re 2. Definitely, although the issue is actually whether ldap directory 
>users have query or update access to other users' hashed passwords.  The 
>over the wire comment relates to the TLS recommendation.

Yes...remember...I tried to keep it simple to simply get it working

>Re 3. Definitely.
>Other points:
>5. The smbldap-tools provided by the FC2 samba rpm under 
>/usr/share/samba-n.n.n/LDAP/smbldap-tools are out of date.  They should 
>either be brought current, or removed and placed in a separate 
>smbldap-tools rpm _included_ in FC2 distro with a pre-requisite of the 
>perl-LDAP rpm, which in turn requires other perl- rpms.  I believe this 
>change would avoid the need for any of the CPAN steps, and allow 
>installing the smbldap-tools from the FC2 distro.

The smbldap-tools in Samba 3.03 are out of date....the new tools from
idealx are MUCH easier to use and I detail those in the how-to.  The CPAN
stuff and apt stuff in the how-to was simply to get people to be able to
bring their systems current....especially if they plan to use the idealx
webmin component....it could have been left out and probably wouldn't
matter, but I wanted folks to plan ahead a little.

>6. The how-to should include using slappasswd to create a good password 
>hash for inclusion within slapd.conf in lieu of the default password.

I agree....

>7. Yum would work just as well as apt.  Perhaps alternative commands for 
>updating and installing rpms either way would make the how-to equally as 
>friendly to people who prefer yum.

I agree again...I chose apt basically because of synaptic....yum has yet
to come up with a GUI that I'm aware of...again..trying to keep it simple
for all..even relative newbies.

>I hope the community does remedy all those points to give this very 
>useful document a more robust treatment of security, and make FC2 a 
>little less complex to implement samba/ldap on.

Definitely...I'm by no means an expert...I'm driven by a need to tie my
Windoze and LTSP users together...hence Samba/LDAP....please...pitch
in...feel free to rewrite the doc and please let me know if you do so I
can try it  :-)

David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
dtrask at vcs.u52.k12.me.us
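
Points 1, 2 and 6 of the quoted review (backend choice, access to other users' hashed passwords, a slappasswd hash for rootpw) can be checked mechanically against a slapd.conf. The sketch below is an added example, not part of the original message or the how-to; both sample configs are constructed, and the attribute names sambaLMPassword and sambaNTPassword are assumed from the Samba 3 LDAP schema.

```python
import re

# Constructed sample configs; neither is from the how-to or the FC2 rpm.
WEAK = '''database ldbm
rootdn "cn=Manager,dc=example,dc=org"
rootpw secret
access to * by * read
'''
HARDENED = '''database bdb
rootdn "cn=Manager,dc=example,dc=org"
# placeholder standing in for real slappasswd output
rootpw {SSHA}PLACEHOLDER-NOT-A-REAL-HASH
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by anonymous auth
    by * none
access to * by * read
'''
SECRET_ATTRS = {"userpassword", "sambalmpassword", "sambantpassword"}
HASHED = re.compile(r"\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.I)

def logical_lines(text):
    """Drop comments and blank lines; fold indented continuation lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return findings for the backend, rootpw and password-hash ACL points."""
    findings, covered = [], set()
    for line in logical_lines(text):
        parts = line.split(None, 1) + [""]
        key, value = parts[0].lower(), parts[1].strip()
        if key == "database" and value.lower() == "ldbm":
            findings.append("backend is ldbm, not bdb")
        elif key == "rootpw" and not HASHED.match(value.strip('"')):
            findings.append("rootpw is cleartext; use a slappasswd hash")
        elif key == "access":
            m = re.search(r"\battrs?=(\S+)", value, re.I)
            named = {a.lower() for a in m.group(1).split(",")} & SECRET_ATTRS if m else set()
            if named and re.search(r"\bby\s+(\*|users)\s+(read|write)\b", value, re.I):
                findings.append("password hashes readable by other users")
            else:
                covered |= named  # rule exists and grants no broad read/write
    for attr in sorted(SECRET_ATTRS - covered):
        findings.append("no restrictive access rule for " + attr)
    return findings
```

The ACL check only looks for broad `by * read|write` or `by users read|write` grants on the password attributes; rule ordering and group-based grants still need a manual read.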

