reloading group member from LDAP

stephane.purnelle at corman.be stephane.purnelle at corman.be
Thu Jun 10 15:46:58 GMT 2004





Hello,

I use Samba 3.0.4 with an LDAP backend and ACLs, and I have no problems.
But I see a small problem and I would like to suggest a solution.

Let me explain with an example:
I have a user toto, who asks me for access to two folders (erp01 and crm02).

The ACL of erp01 is grp_erp01 rwx
The ACL of crm02 is user_bla rx, user_blo rwx

The first directory is managed by a group and the second directly with a user
list.
I go to my LDAP server and add a memberUid (= toto) to grp_erp01, and
I add a user to my ACL of crm02.

If I call toto to say "OK, you can work", toto will see only crm02, not
erp01.
Why: because smbd loads the group members at session setup.
If I use the command 'smbcontrol pid close-share' or the 'kill
button' of the SWAT status, the automatic reconnection will reload the group;
otherwise not.

I just suggest adding a parameter for 3.0.5: 'reload group' or 'reload
session setup', with a value in seconds, and including the necessary code in smbd.

Thanks

      Stéphane Purnelle
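
The behaviour described in the message above, as an added example that is not part of the original post and is not Samba code: a simplified Python model of a session whose group list is read once at session setup, beside a session with a periodic reload. The classes, the `reload_interval` option and the clock values are assumptions made for illustration; the last two checks go beyond the post and show that removal from a group lags in the same way.

```python
class Directory:
    """Stand-in for the LDAP backend: group name -> set of memberUid values."""
    def __init__(self):
        self.groups = {}

    def groups_of(self, user):
        return {g for g, members in self.groups.items() if user in members}

class Session:
    """Simplified connection: group list is resolved once, at session setup."""
    def __init__(self, user, directory, now, reload_interval=None):
        self.user, self.directory = user, directory
        self.reload_interval = reload_interval  # hypothetical option, in seconds
        self._load(now)

    def _load(self, now):
        self.groups = self.directory.groups_of(self.user)
        self.loaded_at = now

    def can_access(self, acl, now):
        # Re-read the groups only if the hypothetical interval has elapsed.
        if self.reload_interval is not None and now - self.loaded_at >= self.reload_interval:
            self._load(now)
        return ("user", self.user) in acl or any(("group", g) in acl for g in self.groups)

def demo():
    ldap = Directory()
    ldap.groups["grp_erp01"] = set()
    acl_erp01 = {("group", "grp_erp01")}
    acl_crm02 = {("user", "user_bla"), ("user", "user_blo")}
    static = Session("toto", ldap, now=0)                     # behaviour described in the post
    timed = Session("toto", ldap, now=0, reload_interval=60)  # behaviour the post proposes
    # The administrator grants access while toto is already connected.
    ldap.groups["grp_erp01"].add("toto")
    acl_crm02.add(("user", "toto"))
    r = {
        "crm02_static": static.can_access(acl_crm02, now=10),     # user entry: immediate
        "erp01_static": static.can_access(acl_erp01, now=10),     # stale group list
        "erp01_reconnect": Session("toto", ldap, now=20).can_access(acl_erp01, now=20),
        "erp01_timed_early": timed.can_access(acl_erp01, now=10),
        "erp01_timed_late": timed.can_access(acl_erp01, now=60),  # reloaded at t=60
    }
    # Generalisation: removal from the group lags in the same way.
    ldap.groups["grp_erp01"].discard("toto")
    r["erp01_timed_after_removal"] = timed.can_access(acl_erp01, now=80)  # still cached
    r["erp01_timed_after_reload"] = timed.can_access(acl_erp01, now=120)  # reloaded
    return r

if __name__ == "__main__": print(demo())
```

In this model the reload interval bounds how long a stale group list can grant or withhold access; without it the list only changes on reconnection.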



More information about the samba-technical mailing list