[nflug] openLDAP cheats

Darin Perusich Darin.Perusich at cognigencorp.com
Wed Dec 20 14:52:39 EST 2006 

fedora DS will build on any unix, i'm sure there are packages available
for fedora server.

why DS? reliability, scalability, performance, excellent management
utilities, ACL's are easily implemented, all the current schema's
required for unix/linux clients are in place.

don't get me wrong i think openldap is a fine implementation and i use
it, it's just not here :)

eric wrote:
> I have a fedora 3 server do you know if it is Fedora DS capable?
> Why do you recommend DS over openLDAP is it more reliable... etc...
> Thank you
> 
> Darin Perusich wrote:
> 
>> yes it is still possible, i was just throwing out an example which would
>> work in most business environments.
>>
>> it would basically work in the same fashion but you'd have to configure
>> samba so SECURITY = USER and still configure the server at the OS level
>> as an ldap client.
>>
>> you have many options for which ldap implementation you wish to run,
>> openLDAP, Sun DS, eDirectory, Fedora DS. while openLDAP comes with every
>> linux distro i recommend Sun DS and then Fedora DS which origionated
>>from SunDS when it was netscape/iplanet DS.
>> this is the best resource for setting up ldap/DS for client auth on
>> linux and solaris. i've been using these howto's for along time and i've
>> contributed to them.
>>
>> http://web.singnet.com.sg/~garyttt/
>>
>> Should you decide to go with SunDS or not this read is very informative.
>>
>> http://www.thebergerbits.com/Beginners_Guide_to_SunONE_DS.pdf
>>
>> eric wrote:
>>  
>>
>>> Darin, I don't want to use a windows AD server, don't have one - don't
>>> want one, is it still possible to do
>>>
>>> 	  ldap
>>> 	   /\
>>>        /  \
>>>       /    \
>>>      -      -
>>> desktop       samba
>>>
>>>
>>>
>>> Darin Perusich wrote:
>>>
>>>    
>>>
>>>> eric wrote:
>>>>
>>>>
>>>>      
>>>>
>>>>> So, my beginning question is, can an (LDAP) client on a desktop use an
>>>>> LDAP server to logon another server serving samba 'user' shares?
>>>>>   
>>>>>
>>>>>        
>>>>>
>>>> the simple answer is yes, but there are many ways to implement this.the
>>>> only thing samba cares about is that the username you're trying to
>>>> connect as is a valid unix account as well.
>>>>
>>>> one way to set this up would you to setup an windows Active Directory
>>>> domain (yuck) and join the samba server to it as a member server. then
>>>> set the samba option 'password server' to the AD controller. configure
>>>> the samba server at the OS level to be an ldap client against the AD
>>>> controller. samba has a bunch of ldap options which you could use but
>>>> i've never played with them before.
>>>>
>>>>
>>>>
>>>>      
>>>>
>>>>> Computer --> LDAP server --> Samba server
>>>>>
>>>>>   
>>>>>
>>>>>        
>>>>>
>>>> 	ldap
>>>> 	 /\
>>>>       /  \
>>>>      /    \
>>>>     -      -
>>>> desktop       samba
>>>>
>>>>
>>>>
>>>>      
>>>>
>>> _______________________________________________
>>> nflug mailing list
>>> nflug at nflug.org
>>> http://www.nflug.org/mailman/listinfo/nflug
>>>    
>>>
>>  
>>
> 
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug

-- 
Darin Perusich
Unix Systems Administrator
Cognigen Corporation
395 Youngs Rd.
Williamsville, NY 14221
Phone: 716-633-3463
Email: darinper at cognigencorp.com
_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug

More information about the nflug mailing list