[PATCH] ldap account separation patch
icoupeau at unav.es
Thu Jan 17 09:12:03 GMT 2002
> I'm a little reluctant to apply this patch because it adds
> another smb.conf parameter that I really don't think is necessary.
> In my thinking, you can simply design your namespace such that
> ou=accounts,.... <- top level for all user/machine accounts
> ou=people,ou=accounts <- users
> ou=computer,ou=accounts <- machine accounts
> Now specify
> ldap suffix = "ou=account,..."
> in smb.conf.
> Create the posixAccount entries for machine first in ou=computer,... and
> then the sambaAccount information for each machine simply gets added to
> the current entry (either using smbpasswd or from smbd).
> Can you comment? I just really don't see the need to enforce this
> type of policy directly in smbd.
I'm agree with maintain only one suffix... or provide a general
mechanism but independent from the conf file. At last, is no too complex
create a bunch of ws' posixAccount or (in the limit) use other smb.conf
file with other base for add the ws...
Ignacio Coupeau, Ph.D. e-mail: icoupeau at unav.es
CTI, Director fax: 948 425619
University of Navarra voice: 948 425600
Pamplona, SPAIN http://www.unav.es/cti/
More information about the samba-technical