[PATCH]Re: ldap machine suffix behavior
Steve Langasek
vorlon at netexpress.net
Thu Jun 12 19:12:48 GMT 2003
On Thu, Jun 12, 2003 at 01:38:09PM -0500, Gerald (Jerry) Carter wrote:
> On Wed, 11 Jun 2003, Steve Langasek wrote:
> > The crucial difference seems to be that with the new patch, the 'ldap
> > suffix' is only appended if the 'ldap machine suffix' has a trailing
> > comma -- indicating that it's not a fully-qualified dn. So this is not
> no. It is always appended or at least should be. See
> param/loadparm.c:handle_ldap_sub_suffix(). If 'ldap suffix' has not been
> set then set the string and return. Otherwise append
> ",ldap_ldap_suffix()" string to the new suffix. Set that string and
> return.
> This means that you can have disparate suffixes by not defining 'ldap
> suffix' at all. Which is a better solution. Thus you can set
> ldap suffix = dc=plainjoe,dc=org
> ldap idmap suffix = ou=idmap
> ldap group suffix = ou=group
> ldap user suffix = ou=people
> ldap machine suffix = ou=people
> or
> ldap idmap suffix = ou=idmap,dc=plainjoe,dc=org
> ldap group suffix = ou=group,dc=plainjoe,dc=org
> ldap user suffix = ou=people,dc=plainjoe,dc=org
> ldap machine suffix = ou=computers,dc=some dn
> Granted the second option probably is not quite there yet btw...
> I'll clean that yup next week.
Ah, I see -- this seems quite sensible, and gives all the flexibility
called for.
Cheers,
--
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030612/8d4c6856/attachment.bin
More information about the samba-technical
mailing list