Hey all, first off, I must admit: great work so far =)
I have a question though, how would it be possible to administer the ldap db remotely with tools like ApacheDirectory Browser?
I tried already with the admin account, but every attempt to modify the schema fails with "no write access to parent"
I would like to delete a machine account, is there any other way to achieve this, without fiddling with ldap?
Hey, yes using the libuser as well.
But there seems to be no acl in place, at least not in ldap.conf… Is there a way to give the domain admin write access via acl somehow? In the meantime I will give the escaped command a shot, didn't know that…
Why not? This seems a good idea to me! @Nas, would you like to start writing a howto about phpLDAPadmin on NethServer? The HowToMaster @AbsyntH could give a hint on this!
I think it's not phpldapadmin that is needed - there are ldap browsers/editors out there - we just need a remote user with write access to the schema…
So as far as I can see, only localhost is allowed to write to the directory!?
@nas Great work! It does not modify any configuration file managed by templates. Thus it’s OK for me.
@feenix: the root user has full privileges on the LDAP tree through the ldapi:// socket. This is the CentOS default. Just remember to use -Y EXTERNAL option on ldap* commands. For instance:
# -H ldapi:/// selects the local UNIX socket that -Y EXTERNAL authenticates over
ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config
ldapdelete -Y EXTERNAL -H ldapi:/// 'uid=yourmachine$' # <- does it work?
Unfortunately some services (like samba or libuser) don’t like ldapi:// and require an account. And ACLs. To inspect LDAP ACLs use the commands from
Be careful when accessing LDAP. It is the Unix and Samba accounts backend. It contains very sensitive information. It's more than /etc/passwd. It's like /etc/shadow.
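An added example, not part of the thread or of NethServer's own code: one way to answer "who can write to the directory?" is to dump `olcAccess` over the root-only socket and list every write or manage grant. The LDIF below is constructed, and the `dc=example,dc=org` DNs and the `writers` helper are assumptions for illustration.

```python
import base64
import shlex

# Constructed sample in the shape printed by:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcAccess
# The libuser/samba DNs are made up; only the peercred DN is the real root identity.
SAMPLE_LDIF = """\
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=externa
 l,cn=auth" manage by * none

dn: olcDatabase={2}bdb,cn=config
olcAccess: {0}to attrs=userPassword by dn.base="cn=libuser,dc=example,dc=org"
  write by self write by anonymous auth by * none
olcAccess: {1}to * by dn.base="cn=samba,dc=example,dc=org" write by * read
"""

LEVELS = ("none", "disclose", "auth", "compare", "search", "read", "write", "manage")

def unfold(ldif):
    """Join LDIF continuation lines (a leading single space marks a fold)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def writers(ldif):
    """Return (database dn, target, who, level) for each write/manage grant.
    Simplified: named levels only, not the =w / +w privilege syntax."""
    found, dn = [], None
    for line in unfold(ldif):
        key, _, value = line.partition(":")
        if key == "dn":
            dn = value.strip()
        if key != "olcAccess":
            continue
        if value.startswith(":"):  # "olcAccess:: <base64>" form
            value = base64.b64decode(value[1:]).decode()
        tokens = shlex.split(value)  # keeps quoted DNs as one token
        if "by" not in tokens:
            continue
        first_by = tokens.index("by")
        target, clause = " ".join(tokens[1:first_by]), []
        for tok in tokens[first_by + 1:] + ["by"]:
            if tok != "by":
                clause.append(tok)
                continue
            level = next((t for t in clause[1:] if t in LEVELS), None)
            if level in ("write", "manage"):
                found.append((dn, target, clause[0], level))
            clause = []
    return found

if __name__ == "__main__":
    for row in writers(SAMPLE_LDIF):
        print(*row, sep=" | ")
```

On a real server, pipe the `ldapsearch` output into `writers()` instead of the sample; any subject listed other than the peercred root identity can write to the tree over the network.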