ldap group suffix relative
Simo Sorce
simo.sorce at xsec.it
Thu Aug 14 07:21:41 GMT 2003
On Wed, 2003-08-13 at 21:56, Stefan (metze) Metzmacher wrote:
> At 11:45 13.08.2003 +0200, Tilo Lutz wrote:
> >Hi
> >
> >I use samba 3.0rc1? with openldap.
> >Don'T know if it's really rc1 or beta3.
> >Downloaded it from ftp.suse.com
> >
> >Here are the ldap-options from smb.conf:
> > ldap admin dn = uid=wilma2,dc=domain,dc=de
> > ldap suffix = dc=domain,dc=de
> > ldap machine suffix = ou=machines,dc=domain,dc=de
> > ldap group suffix = ou=groups,dc=domain,dc=de
> > ldap idmap suffix = dc=domain,dc=de
> > ldap user suffix = ou=people,dc=domain,dc=de
> >
> >Is it possible ldap group suffix is relative?
>
> yep all 'ldap *** suffix' parameter have changed to relative suffixes...:-(
it is a better way to handle on things
> >/var/log/messages:
> >ug 13 01:49:50 Wilma2 slapd[18118]: conn=1777 op=3 SRCH
> >base="ou=groups,dc=domain,dc=de,dc=domain,dc=de" scope=2
> >filter="(&(objectClass=sambaGroupMapping)(gidNumber=65533))"
> >
> >Will ldap group suffix changed to an "absolute" entry in
> >samba 3.0 final?
>
> I really would preferr to do this:
>
> ldap suffix = DC=DOM
> ldap group suffix = OU=Groups,DC=DOM => OU=Groups,DC=DOM
>
> and
>
> ldap suffix = DC=DOM
> ldap group suffix = OU=Groups, => OU=Groups,DC=DOM
>
> I'm having a patch for this in my local tree...
I think it's not good.
An ldap suffix is done just to have a fixed suffix.
Why should we again support an absolute entry?
It is also prone to problems.
If you have a forest like this:
dc=dom
|-dc=dom
| |-ou=Group
| |-ou=...
|
|-ou=Group
what do you solve your path too? if you have only relative paths you
know it. Otherwise you must start guessing, and that's BAD.
Simo.
>
> metze
> -----------------------------------------------------------------------------
> Stefan "metze" Metzmacher <metze at metzemix.de>
--
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
More information about the samba-technical
mailing list