[LDAP] ldap.c modifications
childern at gactr.uga.edu
Tue Dec 21 13:27:51 GMT 1999
I am using samba to control a small NT domain with all authentication coming
from an LDAP server. While building my LDAP server I organized the users into
'ou=People, o=foo, c=us' , groups into 'ou=Groups, o=foo, c=us' and so on.
I installed and configured the nss_ldap and pam_ldap to provide unix services
and was in the process of implementing the LDAP code in samba. Compilation
went fine (Slackware 7.0 and openldap-1.2.8, samba-absolute-newest-cvs), and
the database would authenticate the PAM requests, but the samba server was
making a bad query. While watching the verbose slapd logs I saw PAM doing a
query at 'scope=2' for 'uid=bar' and samba doing a query at 'scope=1' for
'uid=bar'. I poked around in the passdb/ldap.c code and found the place where
the scope was set, found the corresponding variable in <ldap.h> and changed it
from LDAP_SCOPE_ONELEVEL to LDAP_SCOPE_SUBTREE. <see diff -u below> ... and
it worked!
So, my question is this. Is this a recommended change? I know it's okay for
me, because it makes my system work, but what about Samba/LDAP? I hope that
it is in that it allows for a 'better' organization of the ldap tree, but I
don't want to break my wonderful server in the name of better organization.
Regards,
Nate Childers
nate at gactr.uga.edu
# diff -u ldap.c.orig ldap.c
--- ldap.c.orig Sun Dec 19 20:18:39 1999
+++ ldap.c Sun Dec 19 20:18:51 1999
@@ -92,7 +92,7 @@
DEBUG(2,("Searching in [%s] for [%s]n", lp_ldap_suffix(), filter));
- err = ldap_search_s(ldap_struct, lp_ldap_suffix(), LDAP_SCOPE_ONELEVEL,
+ err = ldap_search_s(ldap_struct, lp_ldap_suffix(), LDAP_SCOPE_SUBTREE,
filter, NULL, 0, &ldap_results);
if(err != LDAP_SUCCESS) {
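Review bot: The scope argument to ldap_search_s is hard-coded, so replacing LDAP_SCOPE_ONELEVEL with LDAP_SCOPE_SUBTREE changes the search for every installation; consider reading the scope from a configuration parameter alongside lp_ldap_suffix(), with the existing one-level behaviour as the default. With a subtree search rooted at lp_ldap_suffix(), the filter is evaluated against every entry below the suffix, so an entry outside the users' container that matches the filter (for example one under ou=Groups carrying the same uid) can be returned; the code following the err != LDAP_SUCCESS check should treat more than one entry in ldap_results as an error rather than taking the first. The DEBUG(2, ...) line would also be more useful if it logged the scope together with the base and filter.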