[svlug] Favorite LDAP user admin tool
dalgoda at ix.netcom.com
Tue Sep 20 11:38:39 PDT 2005
On Tue, Sep 20, 2005 at 10:47:25AM -0700, Don Marti wrote:
> begin Mike Castle quotation of Tue, Sep 20, 2005 at 09:52:08AM -0700:
Great. A quick glance looks like these will be pretty useful for
understanding why these things work the way they do.
> > Also, if anyone has a pointer on this: The Samba config files say that
> > some LDAP configurations will allow a user to change a password in one
> > domain (say, posix accounts using passwd), and that would propagate the
> > change to other domains (say, the samba password stuff). What's the magic
> > that causes this to happen (if it does) with OpenLDAP? I've glanced
> > through the code and the schema files, but I haven't noticed anything
> > obvious that says "tie these things together."
> Craig and Matt's article has an smb.conf example for
> this (Listing 5).
Right. I got that part. I guess a better way to ask this might be: What
magic is necessary on the ldap side that enables the following to work:
    ldap passwd sync = only
It looks like most systems use [yes] rather than [only]. So I may just go
with that. But it seems to me that both Samba and OpenLDAP support the
necessary magic to make this work. Just missing a tad bit of glue.
What I'm hoping is if someone changes their password on the Unix side with
the passwd command, that OpenLDAP/NSS/whatever, could be configured to
update all of LDAP/NT/LM passwords.
Otherwise, someone changes LDAP and it gets out of sync with NT. Then what?
> If you're going to be maintaining LDAP and Samba
> regularly, you should pick up a copy of "Samba-3 by
> Example: Practical Exercises to Successful Deployment,
> 2nd Edition" too.
Any recommendations for LDAP in general, perhaps OpenLDAP specifically?