[PATCH] ldap account separation patch

Ignacio Coupeau icoupeau at unav.es
Thu Jan 17 09:12:03 GMT 2002

> I'm a little reluctant to apply this patch because it adds
> another smb.conf parameter that I really don't think is necessary.
> In my thinking, you can simply design your namespace such that
> ou=accounts,....	<- top level for all user/machine accounts
> ou=people,ou=accounts	<- users
> ou=computer,ou=accounts	<- machine accounts
> Now specify
> 	ldap suffix = "ou=account,..."
> in smb.conf.
> Create the posixAccount entries for machine first in ou=computer,... and
> then the sambaAccount information for each machine simply gets added to
> the current entry (either using smbpasswd or from smbd).
> Can you comment?  I just really don't see the need to enforce this
> type of policy directly in smbd.

I'm agree with maintain only one suffix... or provide a general 
mechanism but independent from the conf file. At last, is no too complex 
create a bunch of ws' posixAccount or (in the limit) use other smb.conf 
file with other base for add the ws...


Ignacio Coupeau, Ph.D.     e-mail: icoupeau at unav.es
CTI, Director              fax:    948 425619
University of Navarra      voice:  948 425600
Pamplona, SPAIN            http://www.unav.es/cti/

More information about the samba-technical mailing list