LDAP an %variables

Andrew Bartlett abartlet at samba.org
Sat Aug 3 04:32:02 GMT 2002

Marcel Ritter wrote:
> Hi there!
> I recently set up a samba server with LDAP support. After some tests with
> different windows versions my profile was trashed. So I tried to store
> the profile in a subdirectory "%a" (which should resolve to the windows
> release WinNT Win2k etc.). Unfortunately this does not work when specified
> in LDAP.
> Is there a reason for this?
> I'd really like to use the %<var> statements in LDAP. I already hacked
> around a bit and it works for me (just copied one line!) - however I'd
> like to see it in the official release if there's no further technical
> problem I can't see by now.

It has problems when you then store the expanded form - you lose the
LDAP magic on the first password change etc.

To get around this, we came up with a way we have 'defaults' for certain
things, using the same stuff as the 'fudge it up' solution for
smbpasswd.  Except we don't store the expanded strings back, unless they
are modified by a client.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list