On Fri, May 7, 2010 at 12:52 AM, <aurfalien at gmail.com> wrote: > On May 6, 2010, at 12:00 PM, Arun Khan wrote: > >> >> >> Even though you may not require the SMB extensions, the smbldaptools >> may be worth looking into. It's toolset are similar to the regular >> Linux user management tools, with the backend taking care of >> populating the LDAP DIT and you keeping your sanity :) > > Thanks Arun, > > But you assume too much, I have no sanity left to keep :) I know what you mean. I was going nuts with one client (who thought he knew LDAP just because he had done a prototype setup on a Mac OS X server) because he was mucking around with the DIT (on the Mac platform). That is when I switched him to openLDAP and smbldaptools on Linux and reclaimed my sanity :) Another tool that I forgot to mention is LDAP Account Manager (lam); there is an open source as well a commercial support version. It is web based; ideal for the CLI phobic admins. You can delegate authority to non technical staff like HR for disabling users and groups ... Luck, -- Arun Khan