Proposal to add ldap flexability in DIT layout
Michael Cunningham
archive at xpedite.com
Mon Jan 14 21:26:04 GMT 2002
> > Example:
> >
> > People accounts in "uid=something, ou=people, dc=xpedite, dc=com"
> > Computer accounts in "uid=something, ou=computers, dc=xpedite, dc=com"
>
> > Search base is "dc=xpedite, dc=com"
>
>
> It looks like you want to be able to do a 'sub' search type (-s sub
> command line option with openldap tools). I'm not sure what the default
> search type is for Samba these days, but when LDAP was originally
> working (12-18 months ago?), the default was sub. Have you tried to
> split your LDAP tree as you have described? Does it not work?
>
> I've just had a quick look and it does look like the LDAP search scope
> is LDAP_SCOPE_SUBTREE, which is what you're after.
Actually my problem occurs when adding machine accounts into
ldap using smbpasswd which places it in the ldap suffix location only.
I need to be able to add machine accounts automatically.
I tried setting the ldap suffix to get machine accounts into
ou=computers, dc=xpedite, dc=com by setting the suffix to that.
That worked but I could no longer search for user accounts in
ou=people, dc=xpedite, dc=com.
Its not really a matter of searches that is an issue.. although I would
like to limit searches to as little of the tree as much as possible for
performance reasons.
Its more where tools like smbpasswd place things like machine accounts,
and the fact this is not configurable. Adding a couple new variables into
smb.conf like:
ldap user suffix = ou=people, dc=xpedite dc=com
ldap machine suffix = ou=computers, dc=xpedite, dc=com
It would still be able to provide the old functionality
by setting them both to the same thing.
and would also provide the new functionality I need.
smbpasswd and other tools would need to be modified to
"look in/place stuff" in one or the other depending
on what it is (user or machine)..
The smb server could be modified to do a sub
search in one tree or another depending on what type it
is.. user/machine (this would increase search speed as well).
Providing configuration options allows everyone to keep their
DIT as flat or nested/organized as they like.
Thanks.. Mike
More information about the samba-technical
mailing list