[K12OSN] smbldap and webmin on Debian

Craig White craig at tobyhouse.com
Wed Nov 7 20:45:12 UTC 2007


On Wed, 2007-11-07 at 10:22 -1000, R. Scott Belford wrote:
> Craig White wrote:
> > On Wed, 2007-11-07 at 13:45 -0500, Rob Owens wrote:
> >> I have a home installation of Debian Etch and have successfully used the
> >> smbldap-installer scripts.  I was never successful in getting webmin to
> >> work properly as far as adding/modifying users.  Does anybody have any
> >> success stories or advice for me? 
> >>
> >> I think I must be missing some important settings in the "LDAP users and
> >> groups" module configuration.  Even if somebody could tell me "yes, I
> >> use smbldap and webmin on debian etch" but offer no advice, that would
> >> at least give me hope...
> > ----
> > I use it extensively and have left the setup behind for people to
> > maintain in clients' offices as well.  It is my primary tool for
> > maintaining users/groups.
> > 
> > My personal observation is that some people expect these tools to just
> > work without actually having to learn/understand/use/recover ldap.
> > 
> > You got questions...post them up.
> > 
> > Personally, I think that if you haven't read 'LDAP System
> > Administration' by Gerald Carter, and cannot add/modify/delete using
> > ldapadd/ldapmodify/ldapdelete, cannot search from command line tool
> > ldapsearch, cannot back up & restore using command line slapcat/slapadd
> > has no business committing their authentication system to LDAP because
> > they are certain to demonstrate to their co-workers how vulnerable they
> > are.
> 
> I think you are dead on with this last comment, Greg.  However, the 
> success of other platforms has been that they build front-ends around 
> the oft-intimidating command line.  For some their aptitude drops 
> exponentially when the terminal opens.
> 
> I am perpetually in search of the tool that does this well for the 
> growing install base of desktops, fat clients, thin clients, etc.  It is 
> a glaring hole in this and the edubuntu project.  Skolelinux nailed it 
> pretty well in the beginning.  Webmin rocks, but ...
> 
> Miru(1) came across my radar recently while hunting down good Edubuntu 
> documentation(2).
> 
> > 
> > Craig
> 
> --scott
> 
> (1) http://developer.novell.com/wiki/index.php/Miru_directory_server
> (2) http://developer.novell.com/wiki/index.php/Feisty/Ocean_post_install_checklist
----
I will let the thread die after this commentary...

Windows has made a business of selling network admin tools for morons
who can neither set up, maintain nor repair their systems and only
through a fair amount of luck actually get a system running from
installation.

If that is the target for Linux, then I'm not sure how Linux would ever
be considered an improvement.

The notion of LDAP as the underlying authentication system means that
all accounts, passwords, authentication are passed on the wires...are
they encrypted? How well? How is anyone going to know the answer to this
if they don't know the first thing about LDAP?

The notion of LDAP as the underlying authentication system means that
all accounts, passwords, etc. are stored as part of the LDAP system and
how can anyone be comfortable using it if they don't know how to back up
and restore the database? (which in most circumstances would fit on a
floppy disc)

The notion of LDAP as the underlying authentication system means that
the implementations (ACL/ACI) are essentially the primary security
system and someone who cannot ldapadd, ldapdelete, ldapmodify, slapcat,
slapadd surely doesn't have the vaguest clue about security on LDAP.
Should this person be setting it up and maintaining it?

I guess I always come to the conclusion that it isn't a bit about the
tools but rather the notion that people think that they can actually
rely upon technology that they don't understand. My take...you might get
away with it on a lot of different software packages...LDAP will bite
you big time.

Craig



