[Samba] Re: winbind with ldap backend permissions

Igor Belyi sambauser at katehok.ac93.org
Wed Oct 6 15:50:42 GMT 2004


Thorsten Scherf wrote:

>On Wed, 06.10.2004 Igor Belyi wrote:
>  
>
>>Thorsten Scherf wrote:
>>    
>>
>>>hi,
>>>
>>>I set up a winbindd with a ldap backend, here is the relevant part of my
>>>smb.conf:
>>>
>>>idmap backend = ldap:ldap://mail.rhel.homelinux.com
>>>ldap admin dn = cn=winbind,dc=example,dc=com
>>>ldap suffix = dc=example,dc=com
>>>ldap idmap suffix = ou=idmap
>>>
>>>On the ldap server I set up the ou=idmap and also permissions for
>>>cn=winbind to write into the ou=idmap:
>>>
>>>access to dn="(.),ou=idmap,dc=example,dc=com"
>>>        by dn="cn=winbind,dc=example,dc=com"
>>>        by * read
>>>      
>>>
>>Did you try to change your 'what' part of the access to:
>>
>>dn.subtree="ou=idmap,dc=example,dc=com"
>>    
>>
>
>this works fine. 
>
>but what is the difference to "dn=(.*),ou=idmap,dc=example,dc=com"?
>with my understanding of the ldap-access rules it should just be a performance issue, shouldn't it?!
>  
>

I think the difference is that you forgot to add '.regexp' to your 
access statement. It should have been:
dn.regexp="(.*),ou=idmap,dc=example,dc=com"
otherwise it was matching dn as it is without applying regular 
expression rules.

Hope it helps,
Igor
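
Added example, not part of the original thread: a simplified Python model of the DN styles discussed above, showing which entries each form of the `access to` target selects. The sample DNs are constructed and assumed already normalized, Python's `re` stands in for slapd's regex engine, and the style names follow slapd.access(5).

```python
import re

BASE = "ou=idmap,dc=example,dc=com"
# Constructed sample DNs, assumed already normalized (lower case, no spaces).
SAMPLE_DNS = [
    BASE,
    "sambasid=s-1-5-21-1-2-3-1000,ou=idmap,dc=example,dc=com",
    "cn=x,ou=nested,ou=idmap,dc=example,dc=com",
    "uid=alice,ou=people,dc=example,dc=com",
    "cn=x,ou=idmap,dc=example,dc=com,o=other",  # BASE is not at the end
]

def dn_matches(style, pattern, dn):
    """Simplified model of the <what> DN styles from slapd.access(5)."""
    if style in ("exact", "base"):
        return dn == pattern                    # literal comparison, no regex
    if style == "subtree":
        return dn == pattern or dn.endswith("," + pattern)
    if style == "regex":
        # Python's re stands in for slapd's POSIX regex; unanchored search.
        return re.search(pattern, dn) is not None
    raise ValueError("unsupported style: " + style)

def covered(style, pattern):
    """Return indexes of SAMPLE_DNS selected by dn.<style>=<pattern>."""
    return [i for i, dn in enumerate(SAMPLE_DNS) if dn_matches(style, pattern, dn)]

RULES = [
    ("exact", "(.*)," + BASE),            # pattern taken literally
    ("regex", "(.*)," + BASE),            # unanchored, needs a leading RDN
    ("regex", "^(.+,)?" + BASE + "$"),    # anchored, optional leading RDNs
    ("subtree", BASE),
]

if __name__ == "__main__":
    for style, pattern in RULES:
        print(f'dn.{style}="{pattern}" -> {covered(style, pattern)}')
```

The literal comparison selects nothing, the unanchored regex skips the `ou=idmap` entry itself and also selects a DN where the base appears mid-string, and the anchored regex selects the same entries as `dn.subtree`.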
