[PATCH]Re: ldap machine suffix behavior
Gerald (Jerry) Carter
jerry at samba.org
Thu Jun 12 18:38:09 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 11 Jun 2003, Steve Langasek wrote:
> The crucial difference seems to be that with the new patch, the 'ldap
> suffix' is only appended if the 'ldap machine suffix' has a trailing
> comma -- indicating that it's not a fully-qualified dn. So this is not
no. It is always appended or at least should be. See
param/loadparm.c:handle_ldap_sub_suffix(). If 'ldap suffix' has not been
set then set the string and return. Otherwise append
",ldap_ldap_suffix()" string to the new suffix. Set that string and
return.
pstrcpy(suffix, pszParmValue);
if (! *Globals.szLdapSuffix ) {
string_set( ptr, suffix );
return True;
}
else {
if ( *pszParmValue )
pstrcat(suffix, ",");
pstrcat(suffix, Globals.szLdapSuffix);
}
This means that you can have disparate suffixes by not defining 'ldap
suffix' at all. Which is a better solution. Thus you can set
ldap suffix = dc=plainjoe,dc=org
ldap idmap suffix = ou=idmap
ldap group suffix = ou=group
ldap user suffix = ou=people
ldap machine suffix = ou=people
or
ldap idmap suffix = ou=idmap,dc=plainjoe,dc=org
ldap group suffix = ou=group,dc=plainjoe,dc=org
ldap user suffix = ou=people,dc=plainjoe,dc=org
ldap machine suffix = ou=computers,dc=some dn
Granted the second option probably is not quite there yet btw...
I'll clean that yup next week.
cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
--John Cusack - "Grosse Point Blank" (1997)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE+6MiSIR7qMdg1EfYRAlkBAKCXByWEs4MaTeFjKlbzaDJPtVtN3wCfT73Y
Ko4KeBOjOcefmfWe0lRS9KQ=
=vXN/
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list