Proposal to add ldap flexability in DIT layout

Olivier Lemaire olivier.lemaire at
Tue Jan 15 06:31:22 GMT 2002

> One thing I have noticed is that I can only specify                                                                             
> one suffix for the base of the DIT tree.                                                                                        
> ldap suffix = "dc=xpedite, dc=com"                                                                                              
> This means that both computer accounts and people                                                                               
> accounts end up in uid=something, dc=xpedite, dc=com                                                                            
not mandatory.                                                                                                                    
see your /etc/ldap.conf if you're using {nss,pam}_ldap                                                                            
with :                                                                                                                            
nss_base_passwd         dc=xpedite,dc=com?sub                                                                                     
nss_base_shadow         dc=xpedite,dc=com?sub                                                                                     
nss_base_group          ou=Groups,dc=IDEALX,dc=org?one                                                                            
> People accounts in "uid=something, ou=people, dc=xpedite, dc=com"                                                               
> Computer accounts in "uid=something, ou=computers, dc=xpedite, dc=com"                                                          
> Search base is "dc=xpedite, dc=com"                                                                                             
This kind of example in the Samba-LDAP-Howto we wrote at                                                                  (use the CVS: the laster, the better).                                                                   
I'll try to merge this doc with Samba-LDAP-Howto from docs/projdocs/                                                              
of 2.2.3 release asap, and submit my diff to jerry@                                                                               

Btw, the SMBLDAP-TOOLS (a collection of perl scripts to migrate from
NT and manage accounts/groups in an Samba/LDAP DC configuration) may
be usefull for your use.

More information about the samba-technical mailing list