reloading group member from LDAP

stephane.purnelle at stephane.purnelle at
Thu Jun 10 15:46:58 GMT 2004


I use samba 3.0.4 with LDAP backend and ACL, I have no problem.
But I see a small problem and I suggest a solution.

I explain by an example :
I have a user toto, he ask to me to access to two folder (erp01 and crm02).

The ACL of erp01 is grp_erp01 rwx
The ACL of crm02 is user_bla rx, user_blo, rwx

The first directory is managed by a group and the second directly with user
I going to my LDAP server and I add a memberUid ( = toto) to grp_erp01 and
I add a user to my ACL of crm02.

If I call toto for says " Ok, you can work", toto will see only crm02, no
Why : because smbd load group member on session setup.
If a use the command 'smbcontrol pid close-share' or I use the 'kill
button' of swat status, the auto-reconnection will reload the group, else

I just suggest for 3.0.5 to add a parameter : 'reload group' or 'reload
session setup' value in second and include the necessary code on smbd.


      Stéphane Purnelle

More information about the samba-technical mailing list