Following LDAP referrals?
Phil Mayers
p.mayers at ic.ac.uk
Wed May 3 22:45:53 GMT 2000
I looked at the code a while back - changing the search level ought not
to make any difference. It would also allow you to have users and groups
in different ou's, *IF* you don't use samba's adduser functionality to
add them (incidentally, this would be trivial if "smbpasswd -m MACHINE"
actually *RESET* the password to the default machine password, instead
of doing whatever the hell it does...)
Cheers,
Phil
Chris Garrigues wrote:
>
> I want to have certain users who have valid accounts across all my
> systems
> (myself, for instance), so I set up an LDAP referral to an LDAP database
>
> containing those accounts. This works fine for Unix logins, but doesn't
> work
> for samba logins. This is because ldap_search_for (in ldap.c) calls
> ldap_search_s with a scope of LDAP_SCOPE_ONELEVEL instead of
> LDAP_SCOPE_SUBTREE.
>
> Is there a good reason for using LDAP_SCOPE_ONELEVEL or can this be
> changed to
> LDAP_SCOPE_SUBTREE.
>
> Also, a related question. It looks like users and groups are expected
> to be
> in the same part of the LDAP tree. Would it be possible to put them in
> separate places?
>
> Chris
>
> --
> Chris Garrigues virCIO
> http://www.DeepEddy.Com/~cwg/ http://www.virCIO.Com
> +1 512 432 4046 +1 512 374 0500
> 4314 Avenue C
> O- Austin, TX 78751-3709
>
>
> My email address is an experiment in SPAM elimination. For an
> explanation of what we're doing, see http://www.DeepEddy.Com/tms.html
>
> Nobody ever got fired for buying Microsoft,
> but they could get fired for relying on Microsoft.
More information about the samba-ntdom
mailing list