option ldap filter remove in 3.0.20
steuwer at univention.de
Tue Sep 20 05:28:51 GMT 2005
On Monday, 19 September 2005 16:22, Gerald (Jerry) Carter wrote:
> Ingo Steuwer wrote:
> > Hello
> > we realized that the option "ldap filter" was removed in
> > 3.0.20. As we need this option in one of our projects
> > to separate Users on different samba-instances/-servers
> > I'd like to know for what reason the option was removed?
> > The SVN-Patch was small and changed only two files so we'd
> > like to reactivate this option using it. Is there any chance
> > for this to get back into SVN?
> The option didn't work, and was not always applied consistently.
> We had too many configuration errors by users who had misconfigured
> or misunderstood the option. It was simply historical baggage.
> You can present your case, but it will take a lot of convincing.
> Perhaps if you give some specific examples of what filter you use.
The option did a good job in several samba releases for us. We use it to
define network- or location-based access for users using an LDAP attribute.
An example:
Three locations A, B and C each have their own PDC (no common wins-server)
based on the same ldap. Location A has no ldap filter, B has filter
(&(uid=%u)(location=B)) and C has filter (&(uid=%u)(location=C)). I can decide
per user at which location he may work (he can always login at A), while I've
got the complete address-book and other LDAP-stuff at each location.
This is far easier to administer than sambaUserWorkstations and can be
used in other ldap-based tools also.
> Of course, it's a small change so you can always just keep it as
> a local change.
Sure, more work for us ;)
Ingo Steuwer steuwer at univention.de phone: +49 421 22 232-0
Development Linux for Your Business
Univention GmbH http://www.univention.de/ fax: +49 421 22 232-99
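
An added illustration of the per-site filter scheme described in the message above, not code from Samba or from either poster: it models how the three "ldap filter" values decide at which sites a login name resolves, with %u escaped per RFC 4515 before substitution. The directory entries are constructed, site A's (uid=%u) filter is an assumption, and the evaluator handles only AND-ed equality clauses.

```python
import re

# Per-site values of the removed "ldap filter" option, as given in the message.
# Assumption: site A ("no ldap filter") matches on uid alone.
SITE_FILTERS = {
    "A": "(uid=%u)",
    "B": "(&(uid=%u)(location=B))",
    "C": "(&(uid=%u)(location=C))",
}

# Constructed directory entries; "location" is the site attribute from the message.
DIRECTORY = [
    {"uid": "alice", "location": "B"},
    {"uid": "bob", "location": "C"},
    {"uid": "carol"},  # no location attribute: may only work at A
]

def escape_value(value):
    """Escape the filter metacharacters named in RFC 4515: backslash, *, (, ), NUL."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def expand(template, username):
    """Substitute %u with the escaped login name."""
    return template.replace("%u", escape_value(username))

def matches(entry, ldap_filter):
    """Evaluate a filter built only from AND-ed equality clauses."""
    clauses = re.findall(r"\(([A-Za-z][\w-]*)=([^()]*)\)", ldap_filter)
    return bool(clauses) and all(
        entry.get(attr) == unescape_value(val) for attr, val in clauses
    )

def sites_for(username):
    """Return the sites whose filter finds an entry for this login name."""
    return [
        site for site, template in SITE_FILTERS.items()
        if any(matches(e, expand(template, username)) for e in DIRECTORY)
    ]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "*"):
        print(user, sites_for(user))
```

Because the login name is escaped before it replaces %u, a name containing filter metacharacters is compared as a literal uid value and cannot change the structure of a site's filter.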