On Wed, 2005-12-14 at 18:29 +0100, Andreas Haumer wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi! > > Deryck Hodge schrieb: > > Gerald (Jerry) Carter wrote: > > > >>>Deryck, > >>> > >>>Should we create a list of LDAP management tools that support > >>>the Samba schema? For example, LAM & phpLdapAdmin. > >>> > >>>http://lam.sf.net/ > >>>http://phpldapadmin.sf.net/ > >>> > > > > > > Sounds like a fine idea to me. I probably need to do a bit of website > > reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier > > to find. I'll think through the best way to handle this. > > > > One idea: it would be nice to have a site where infos about > "LDAP account database best practice" could be collected. > > There are so many books (Jerry: I like your "LDAP System Administration" > very much ;-), HOWTOs, tips, emails etc. out there but I always have the > impression that the "least common demoninator" about several significant > decisions is very low. Not to mention that many tips and HOWTOs even > contradict each other or are outdated (It's a fast developing area!) > > An (incomplete) list of those "best practice" topics might include: > > * overall layout of LDAP tree > Deep or shallow? What ou should be there? ---- not really a samba issue ---- > * how to store passwords > cleartext? crypt? SSHA? MD5? What are the pros and cons? ---- not really a samba issue ---- > * where to store machine trust accounts? > Should you sub-structure your accounts ou or not? > * use DSA for NSS, PAM, Samba, Radius, replication, etc.? > pros? cons? Impact on ACL? > * Where to store the sambaDomainName entry? > (directly at the tree root or use your own ou?) > * best way on how to configure your ACL > * Which tools should one use to change user passwords? > smbldap tools? Web GUI? PAM with pam_ldap? ---- Methinks that the future samba wiki might be a good place for this ---- > > etc. > > Decisions on all of these topics have impact on the way > each subsystem has to be configured and on how they all > work together. > > Of course over the years I have developed a structure I > like best, but this is not to say it _is_ the best (under > any metrics you might imagine). > > One should also take into account that different LDAP > administration tools might more or less enforce a specific > way of how to set up your LDAP database, which is the link > I see between the list of LDAP system admin tools and a > "LDAP account database best practice" info site. > > > Meanwhile, can others chime in with their favorite LDAP tools? > > > I use GOSA on several installations and I like it! > <http://oss.gonicus.de/gosa/index.php/Main_Page> > ---- Thanks
Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
