[Samba] LDAP suffixes
John H Terpstra
jht at samba.org
Wed Aug 17 22:35:05 GMT 2005
On Wednesday 17 August 2005 15:57, Geert Stappers wrote:
> On Wed, Aug 17, 2005 at 10:56:39AM -0600, John H Terpstra wrote:
> > On Wednesday 17 August 2005 10:05, Geert Stappers wrote:
>
> <snip/>
>
> > The problem is one of the ability to find the computer account via NSS.
> >
> > > My questions:
> > >
> > > * the version with the bug, did they work with
> > >
> > > ldap suffix = dc=foobar,dc=biz
> > > ldap user suffix = ou=People
> > > ldap machine suffix = ou=Computers,ou=People
> > >
> > > in smb.conf succesfull?
> > >
> > >
> > > * In which version was the bug fixed?
> >
> > This was not a Samba bug as explained above.
> >
> > PS: Suggest you refer to chapter 5, section 5.3.1.7, of the current
> > Samba3-ByExample book. You can obtain it on-line from:
> >
> > http://www.samba.org/samba/docs/Samba3-ByExample.pdf
> >
> > This book will become available in computer stores by mid-September.
>
> In chapter 5 I found
>
> . ldap suffix [dc=abmas,dc=biz] >
> . ldap group suffix [ou=Groups] >
> . ldap user suffix [ou=People,ou=Users] >
> . ldap machine suffix [ou=Computers,ou=Users] >
> . Idmap suffix [ou=Idmap] >
>
>
> That makes this LDAP tree(beard)
>
>
> dc=abmas,dc=bz
> /|\
> / | \
> / | \
> ou=Groups | ou=Idmap
>
> ou=Users
> / \
> / \
> / \
> ou=People ou=Computers
>
>
> That allows a nss_base_passwd ou=Users,dc=abmas,dc=biz?one
No, if you want to perform a single search in nss_ldap you need:
nss_base_passwd ou=Users,dc=abmas,dc=biz?sub
Note: sub not one
>
>
> Shouldn't /etc/samba/smb.conf contain
>
> ldap user suffix = ou=People,ou=Users
> ldap machine suffix = ou=Computers,ou=Users
Correct.
>
> or
>
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Users
No, that expects all the accounts to be in the ou=Users container.
>
> instead of the current
>
> ldap machine suffix = ou=People
> ldap user suffix = ou=People
That expects all user and machine accounts in the ou=People container.
>
> that is now in Example 5.7. LDAP Based smb.conf File, Server: MASSIVE
> global Section: Part B at
> http://us2.samba.org/samba/docs/man/Samba3-ByExample/happy.html ?
The example puts both user and machine accounts into the ou=People container.
The diagnostic section explains how they CAN be separated.
Cheers,
John T. (Jan, de man die niet alles kan).
More information about the samba
mailing list