Proposal to add ldap flexability in DIT layout
Olivier Lemaire
olivier.lemaire at idealx.com
Tue Jan 15 06:31:22 GMT 2002
Hi,
> One thing I have noticed is that I can only specify
> one suffix for the base of the DIT tree.
> ldap suffix = "dc=xpedite, dc=com"
> This means that both computer accounts and people
> accounts end up in uid=something, dc=xpedite, dc=com
not mandatory.
see your /etc/ldap.conf if you're using {nss,pam}_ldap
with :
nss_base_passwd dc=xpedite,dc=com?sub
nss_base_shadow dc=xpedite,dc=com?sub
nss_base_group ou=Groups,dc=IDEALX,dc=org?one
> People accounts in "uid=something, ou=people, dc=xpedite, dc=com"
> Computer accounts in "uid=something, ou=computers, dc=xpedite, dc=com"
> Search base is "dc=xpedite, dc=com"
This kind of example in the Samba-LDAP-Howto we wrote at
http://samba.idealx.org/ (use the CVS: the laster, the better).
I'll try to merge this doc with Samba-LDAP-Howto from docs/projdocs/
of 2.2.3 release asap, and submit my diff to jerry@
Btw, the SMBLDAP-TOOLS (a collection of perl scripts to migrate from
NT and manage accounts/groups in an Samba/LDAP DC configuration) may
be usefull for your use.
--
lem
More information about the samba-technical
mailing list