[PATCH]Re: ldap machine suffix behavior

Steve Langasek vorlon at netexpress.net
Thu Jun 12 19:12:48 GMT 2003

On Thu, Jun 12, 2003 at 01:38:09PM -0500, Gerald (Jerry) Carter wrote:
> On Wed, 11 Jun 2003, Steve Langasek wrote:

> > The crucial difference seems to be that with the new patch, the 'ldap
> > suffix' is only appended if the 'ldap machine suffix' has a trailing
> > comma -- indicating that it's not a fully-qualified dn.  So this is not

> no.  It is always appended or at least should be.  See 
> param/loadparm.c:handle_ldap_sub_suffix().  If 'ldap suffix' has not been 
> set then set the string and return.  Otherwise append 
> ",ldap_ldap_suffix()" string to the new suffix.  Set that string and 
> return.

> This means that you can have disparate suffixes by not defining 'ldap
> suffix' at all. Which is a better solution.  Thus you can set

>         ldap suffix             = dc=plainjoe,dc=org
>         ldap idmap suffix       = ou=idmap
>         ldap group suffix       = ou=group
>         ldap user suffix        = ou=people
>         ldap machine suffix     = ou=people

> or 

>         ldap idmap suffix       = ou=idmap,dc=plainjoe,dc=org
>         ldap group suffix       = ou=group,dc=plainjoe,dc=org
>         ldap user suffix        = ou=people,dc=plainjoe,dc=org
>         ldap machine suffix     = ou=computers,dc=some dn

> Granted the second option probably is not quite there yet btw...
> I'll clean that yup next week.

Ah, I see -- this seems quite sensible, and gives all the flexibility
called for.

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030612/8d4c6856/attachment.bin

More information about the samba-technical mailing list