Following LDAP referrals?

Phil Mayers p.mayers at
Wed May 3 22:45:53 GMT 2000

I looked at the code a while back - changing the search level ought not
to make any difference. It would also allow you to have users and groups
in different ou's, *IF* you don't use samba's adduser functionality to
add them (incidentally, this would be trivial if "smbpasswd -m MACHINE"
actually *RESET* the password to the default machine password, instead
of doing whatever the hell it does...)


Chris Garrigues wrote:
> I want to have certain users who have valid accounts across all my
> systems
> (myself, for instance), so I set up an LDAP referral to an LDAP database
> containing those accounts.  This works fine for Unix logins, but doesn't
> work
> for samba logins.  This is because ldap_search_for (in ldap.c) calls
> ldap_search_s with a scope of LDAP_SCOPE_ONELEVEL instead of
> Is there a good reason for using LDAP_SCOPE_ONELEVEL or can this be
> changed to
> Also, a related question.  It looks like users and groups are expected
> to be
> in the same part of the LDAP tree.  Would it be possible to put them in
> separate places?
> Chris
> --
> Chris Garrigues                 virCIO
> http://www.DeepEddy.Com/~cwg/   http://www.virCIO.Com
> +1 512 432 4046                 +1 512 374 0500
>                                 4314 Avenue C
> O-                              Austin, TX  78751-3709
>   My email address is an experiment in SPAM elimination.  For an
>   explanation of what we're doing, see http://www.DeepEddy.Com/tms.html
>     Nobody ever got fired for buying Microsoft,
>       but they could get fired for relying on Microsoft.

More information about the samba-ntdom mailing list