RFT: samba-ldap
[Finn-Arne Johansen]
> Why do we need an ldap-enabled samba ?
There are several issues I want to have in place regarding samba.
I'm told that samba need to register new machines into the "domain"
before they are given access. I believe it is best to store such
machine info in LDAP, as we want to handle several samba servers in a
school. It should be enough to register the machine once in the
school, and it should then get access to all samba servers.
But I do not the samba servers to have write access to the LDAP server
"on their own", ie without an administrator providing his LDAP admin
password to approve the LDAP update. This means that the LDAP access
password should not be part of the samba configuration stored on disk,
but it should be provided by a LDAP admin every time a new machine is
to be added to the "domain". The reason for this is that it should be
possible to outsource the administration of the LDAP server, and I
believe it is unlikely that a third party administrating the LDAP
server will allow LDAP write access directly from machines outside
their control.
Is this possible to have both?
We also want to provide packages in woody with an upgrade path into
sarge. The samba-ldap package have a different name from the official
package, and I believe it is unlikely that it will upgrade cleanly to
a version of samba in sarge. Can we do it in a way that eases
upgradability?
What is the samba server updating in LDAP (which attributes), and
when?
Reply to: