ldap group suffix relative

Simo Sorce simo.sorce at xsec.it
Thu Aug 14 07:21:41 GMT 2003


On Wed, 2003-08-13 at 21:56, Stefan (metze) Metzmacher wrote:
> At 11:45 13.08.2003 +0200, Tilo Lutz wrote:
> >Hi
> >
> >I use samba 3.0rc1? with openldap.
> >Don'T know if it's really rc1 or beta3.
> >Downloaded it from ftp.suse.com
> >
> >Here are the ldap-options from smb.conf:
> >        ldap admin dn           =  uid=wilma2,dc=domain,dc=de
> >         ldap suffix             =             dc=domain,dc=de
> >         ldap machine suffix     = ou=machines,dc=domain,dc=de
> >         ldap group suffix       =   ou=groups,dc=domain,dc=de
> >         ldap idmap suffix       =             dc=domain,dc=de
> >         ldap user suffix        =   ou=people,dc=domain,dc=de
> >
> >Is it possible ldap group suffix is relative?
> 
> yep all 'ldap *** suffix' parameter have changed to relative suffixes...:-(

it is a better way to handle on things

> >/var/log/messages:
> >ug 13 01:49:50 Wilma2 slapd[18118]: conn=1777 op=3 SRCH
> >base="ou=groups,dc=domain,dc=de,dc=domain,dc=de" scope=2
> >filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
> >
> >Will ldap group suffix changed to an "absolute" entry in
> >samba 3.0 final?
> 
> I really would preferr to do this:
> 
> ldap suffix = DC=DOM
> ldap group suffix = OU=Groups,DC=DOM       =>  OU=Groups,DC=DOM
> 
> and
> 
> ldap suffix = DC=DOM
> ldap group suffix = OU=Groups,         =>  OU=Groups,DC=DOM
> 
> I'm having a patch for this in my local tree...

I think it's not good.

An ldap suffix is done just to have a fixed suffix.
Why should we again support an absolute entry?
It is also prone to problems.

If you have a forest like this:

dc=dom
|-dc=dom
| |-ou=Group
| |-ou=...
|
|-ou=Group

what do you solve your path too? if you have only relative paths you
know it. Otherwise you must start guessing, and that's BAD.

Simo.

> 
> metze
> -----------------------------------------------------------------------------
> Stefan "metze" Metzmacher <metze at metzemix.de> 
-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399



More information about the samba-technical mailing list