[Samba] ldap machine suffix = ou=Computers vs ou=Users

Craig White craigwhite at azapple.com
Thu Dec 9 23:36:48 GMT 2004


On Thu, 2004-12-09 at 16:37 -0500, Misty Stanley-Jones wrote:
> On Thursday 09 December 2004 14:50, Chuck Theobald wrote:
> > John,
> >
> > I use:
> >
> >          ldap group suffix = ou=group
> >          ldap machine suffix = ou=people
> >          ldap user suffix = ou=people
> >
> > because the docs I was following stated that there was a bug in Samba that
> > prevented a group suffix of ou=computers from working.  I can't put my
> > hands on this doc right now, though.  Perhaps someone could comment on
> > whether this issue is resolved in 3.0.9 or whether it was an issue at all.
> >
> > Chuck
> >
> 
> It hasn't been an issue for a long time now.  I don't remember if it was with 
> Samba or smbldap-tools.  But you need to be using a newer smbldap-tools (ones 
> that do not end in .pl).
---
I don't know about the newer smbldap-tools but I think the problem lies
more with the requirement that Samba users must be posixAccounts and
thus, the POSIX information for these machine accounts needs to be
located when connected.

There have been numerous discussions about using 'sub' instead of 'one'
when parsing the LDAP directory, which has load/performance implications,
and these scaling issues are something to be dealt with. It gets
cumbersome to answer for those that are having problems. These issues
are difficult for those that don't have familiarity with LDAP and when
you get the processes down, it's easy enough to move the machine
accounts to another container and until then, the far easier route is to
put them in the user container.

Craig
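
Added example, not part of the original post: a small emulation of LDAP 'one' versus 'sub' search scope, showing why a machine account kept in a separate container is missed by a one-level posixAccount lookup rooted at the user container, and how many entries each scope covers. The directory layout (dc=example,dc=com), the account names and both functions are constructed for illustration.

```python
# Constructed sample directory: DN -> objectClasses. All names are illustrative.
DIT = {
    "dc=example,dc=com": {"domain"},
    "ou=people,dc=example,dc=com": {"organizationalUnit"},
    "ou=computers,dc=example,dc=com": {"organizationalUnit"},
    "ou=group,dc=example,dc=com": {"organizationalUnit"},
    "uid=chuck,ou=people,dc=example,dc=com": {"posixAccount", "sambaSamAccount"},
    "uid=ws01$,ou=people,dc=example,dc=com": {"posixAccount", "sambaSamAccount"},
    "uid=ws02$,ou=computers,dc=example,dc=com": {"posixAccount", "sambaSamAccount"},
    "cn=staff,ou=group,dc=example,dc=com": {"posixGroup"},
}

def depth_below(dn, base):
    """Return how many RDNs dn sits below base, or None if dn is outside base.
    Naive comma split: fine for the sample data, does not handle escaped commas."""
    dn_parts = [p.strip().lower() for p in dn.split(",")]
    base_parts = [p.strip().lower() for p in base.split(",")]
    extra = len(dn_parts) - len(base_parts)
    if extra < 0 or dn_parts[extra:] != base_parts:
        return None
    return extra

def search(base, scope, uid, object_class="posixAccount"):
    """Emulate an LDAP search. Returns (matching DNs, number of entries in scope)."""
    if scope not in ("base", "one", "sub"):
        raise ValueError("scope must be base, one or sub")
    in_scope = []
    for dn in DIT:
        d = depth_below(dn, base)
        if d is None:
            continue
        # base: the entry itself; one: direct children only; sub: whole subtree
        if scope == "sub" or (scope == "base" and d == 0) or (scope == "one" and d == 1):
            in_scope.append(dn)
    prefix = "uid=" + uid.lower() + ","
    hits = [dn for dn in in_scope
            if object_class in DIT[dn] and dn.lower().startswith(prefix)]
    return hits, len(in_scope)

if __name__ == "__main__":
    people = "ou=people,dc=example,dc=com"
    root = "dc=example,dc=com"
    for base, scope, uid in [(people, "one", "ws01$"), (people, "one", "ws02$"),
                             (root, "sub", "ws02$")]:
        hits, covered = search(base, scope, uid)
        print(f"base={base} scope={scope} uid={uid}: {hits or 'not found'} "
              f"({covered} entries in scope)")
```
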


