Following LDAP referrals?

[Chris Garrigues]

I want to have certain users who have valid accounts across all my systems
(myself, for instance), so I set up an LDAP referral to an LDAP database 
containing those accounts.  This works fine for Unix logins, but doesn't work 
for samba logins.  This is because ldap_search_for (in ldap.c) calls 
ldap_search_s with a scope of LDAP_SCOPE_ONELEVEL instead of LDAP_SCOPE_SUBTREE.

Is there a good reason for using LDAP_SCOPE_ONELEVEL or can this be changed to 
LDAP_SCOPE_SUBTREE.

Also, a related question.  It looks like users and groups are expected to be 
in the same part of the LDAP tree.  Would it be possible to put them in 
separate places?

Chris

-- 
Chris Garrigues                 virCIO
http://www.DeepEddy.Com/~cwg/	http://www.virCIO.Com
+1 512 432 4046                 +1 512 374 0500
				4314 Avenue C
O-				Austin, TX  78751-3709
                                

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

    Nobody ever got fired for buying Microsoft,
      but they could get fired for relying on Microsoft.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 239 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000503/79abe935/attachment.bin