Fedora DS is much nicer (both in terms of setup, administration, and performance) compared to OpenLDAP (Which I will personally never use again).<br><br><br><br><div><span class="gmail_quote">On 12/20/06, <b class="gmail_sendername">
Darin Perusich</b> <<a href="mailto:Darin.Perusich@cognigencorp.com">Darin.Perusich@cognigencorp.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
fedora DS will build on any unix, i'm sure there are packages available<br>for fedora server.<br><br>why DS? reliability, scalability, performance, excellent management<br>utilities, ACL's are easily implemented, all the current schema's
<br>required for unix/linux clients are in place.<br><br>don't get me wrong i think openldap is a fine implementation and i use<br>it, it's just not here :)<br><br>eric wrote:<br>> I have a fedora 3 server do you know if it is Fedora DS capable?
<br>> Why do you recommend DS over openLDAP is it more reliable... etc...<br>> Thank you<br>><br>> Darin Perusich wrote:<br>><br>>> yes it is still possible, i was just throwing out an example which would
<br>>> work in most business environments.<br>>><br>>> it would basically work in the same fashion but you'd have to configure<br>>> samba so SECURITY = USER and still configure the server at the OS level
<br>>> as an ldap client.<br>>><br>>> you have many options for which ldap implementation you wish to run,<br>>> openLDAP, Sun DS, eDirectory, Fedora DS. while openLDAP comes with every<br>>> linux distro i recommend Sun DS and then Fedora DS which origionated
<br>>>from SunDS when it was netscape/iplanet DS.<br>>> this is the best resource for setting up ldap/DS for client auth on<br>>> linux and solaris. i've been using these howto's for along time and i've
<br>>> contributed to them.<br>>><br>>> <a href="http://web.singnet.com.sg/~garyttt/">http://web.singnet.com.sg/~garyttt/</a><br>>><br>>> Should you decide to go with SunDS or not this read is very informative.
<br>>><br>>> <a href="http://www.thebergerbits.com/Beginners_Guide_to_SunONE_DS.pdf">http://www.thebergerbits.com/Beginners_Guide_to_SunONE_DS.pdf</a><br>>><br>>> eric wrote:<br>>><br>>>
<br>>>> Darin, I don't want to use a windows AD server, don't have one - don't<br>>>> want one, is it still possible to do<br>>>><br>>>> ldap<br>>>> /\
<br>>>> / \<br>>>> / \<br>>>> - -<br>>>> desktop samba<br>>>><br>>>><br>>>><br>>>> Darin Perusich wrote:<br>>>>
<br>>>><br>>>><br>>>>> eric wrote:<br>>>>><br>>>>><br>>>>><br>>>>><br>>>>>> So, my beginning question is, can an (LDAP) client on a desktop use an
<br>>>>>> LDAP server to logon another server serving samba 'user' shares?<br>>>>>><br>>>>>><br>>>>>><br>>>>>><br>>>>> the simple answer is yes, but there are many ways to implement
this.the<br>>>>> only thing samba cares about is that the username you're trying to<br>>>>> connect as is a valid unix account as well.<br>>>>><br>>>>> one way to set this up would you to setup an windows Active Directory
<br>>>>> domain (yuck) and join the samba server to it as a member server. then<br>>>>> set the samba option 'password server' to the AD controller. configure<br>>>>> the samba server at the OS level to be an ldap client against the AD
<br>>>>> controller. samba has a bunch of ldap options which you could use but<br>>>>> i've never played with them before.<br>>>>><br>>>>><br>>>>><br>>>>>
<br>>>>><br>>>>>> Computer --> LDAP server --> Samba server<br>>>>>><br>>>>>><br>>>>>><br>>>>>><br>>>>>><br>>>>> ldap
<br>>>>> /\<br>>>>> / \<br>>>>> / \<br>>>>> - -<br>>>>> desktop samba<br>>>>><br>>>>><br>>>>>
<br>>>>><br>>>>><br>>>> _______________________________________________<br>>>> nflug mailing list<br>>>> <a href="mailto:nflug@nflug.org">nflug@nflug.org</a><br>>>>
<a href="http://www.nflug.org/mailman/listinfo/nflug">http://www.nflug.org/mailman/listinfo/nflug</a><br>>>><br>>>><br>>><br>>><br>><br>> _______________________________________________
<br>> nflug mailing list<br>> <a href="mailto:nflug@nflug.org">nflug@nflug.org</a><br>> <a href="http://www.nflug.org/mailman/listinfo/nflug">http://www.nflug.org/mailman/listinfo/nflug</a><br><br>--<br>Darin Perusich
<br>Unix Systems Administrator<br>Cognigen Corporation<br>395 Youngs Rd.<br>Williamsville, NY 14221<br>Phone: 716-633-3463<br>Email: <a href="mailto:darinper@cognigencorp.com">darinper@cognigencorp.com</a><br>_______________________________________________
<br>nflug mailing list<br><a href="mailto:nflug@nflug.org">nflug@nflug.org</a><br><a href="http://www.nflug.org/mailman/listinfo/nflug">http://www.nflug.org/mailman/listinfo/nflug</a><br></blockquote></div><br>