[Samba] LDAP suffixes
William Jojo
jojowil at hvcc.edu
Wed Aug 17 15:15:44 GMT 2005
need clarification of the use of:
ldap suffix
ldap machine suffix
ldap user suffix
ldap idmap suffix
smb.conf.5 indicates you should have a fully qualified suffix such as:
ldap suffix = dc=blah,dc=com
ldap machine suffix = ou=People,dc=blah,dc=com
ldap user suffix = ou=People,dc=blah,dc=com
ldap group suffix = ou=Groups,dc=blah,dc=com
ldap idmap suffix = ou=Idmap,dc=blah,dc=dom
as demonstrated by:
Example: ldap idmap suffix = ou=Idmap,dc=samba,dc=org
and
Example: ldap group suffix =
ou=Groups,dc=samba,ou=Groups
(which, btw, is a not a good example)
However, it appears from a log level 5 that this happens:
[2005/08/17 11:05:57, 5] lib/smbldap.c:smbldap_search_ext(980)
smbldap_search_ext: base => [ou=Groups,dc=blah,dc=com,dc=blah,dc=com],
filter
=> [(&(objectClass=sambaGroupMapping)(gidNumber=-2))], scope => [2]
It combines two suffixes. Which is the correct behavior?
I see utils/net_rpc_samsync.c seems to think the prior is true.
This behavior is consistent all the way back to 3.0.11.
Cheers,
Bill
More information about the samba
mailing list