LDAP: seperated "ldap suffix" for trust accounts
Martin Hofbauer Bacher Systems EDV
mh at bacher.at
Mon Mar 1 01:33:35 GMT 1999
On Thu, 21 Jan 1999, Matt Chapman wrote:
>
> > Martin Hofbauer Bacher Systems EDV wrote:
> >
> > > LDAP Servers User DB is normally used for many purposes,
> > > like mail,samba,...
> > >
> > > Users are worried, when they see machine accounts in an e.g. Netscape
> > > Mail addressbook query.I know you can select by using/not using special
> > > ldap attributes. Helps also a lot for admin. things.
> > >
> >
> > If possible I would prefer having all Samba-related information under one part
> > of the LDAP tree.
> >
> > Would having a separate objectclass for trust accounts help?
No, Sorry (also for the late reply :) !
( look at Nr. 2)
1.)
In my case there is a unchangeable hierarchical LDAP tree, Like:
ou=Peoble,o=XXX,c=AT
ou=Services,o=XX,c=XX
(in this case done by the Sun Mail Server installation )
and I want to continue using that concept,
2.)
Every user is using that LDAP DB as an address book, so
he sees every trust account as an user and is confused...
.. ok, I can use ACLs, but then there is a lot of work
have to be done ( in my case ) on 10 LDAP Server.
But I dont want to deny access to that data, I only
want to hide it for that purpose.( addressbook)
Why does not fit such a parameter into the SAMBA-LDAP implementation ?
> >
> > Matt
> >
> >
> > --
> > Matt Chapman
> > m.chapman at student.unsw.edu.au
> >
>
-------------------------------------------------------------------
Martin Hofbauer IT-Consulting
phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH
fax : +43 (1) 60 126-4 Wienerbergstr. 11B
e-mail: mh at bacher.at A-1101 Vienna, Austria
--
--
More information about the samba-technical
mailing list