ldap filter gone and sambadomainnname not checked

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Mar 3 12:05:41 GMT 2006

On Fri, Mar 03, 2006 at 11:05:07AM +0100, Pierre Filippone wrote:
> We could do that, but this would break a lot of tools we use for LDAP 
> management.
> I just tried to x-out the sambaSID attribute. That seems to work, the 
> account is not listed any more. I hope that does not lead to smbd crashes.
> I think another simple approach would be to add an 
> &(sambadomainname=domname) to the internal LDAP filters when accessing the 
> ldapsam. Maybe as an optional config parameter like "ldap check domainname 
> = yes/no". That would give a little of the flexibility back the people 
> lost by the removal of the "ldap filter". I've seen some postings by 
> people who complained about the loss of the filter parameter. Maybe this 
> could help them too.
> Just a thought.

Another thought: Replace "objectclass=sambasamaccount" with
"objectclass=sambadeadsamaccount", after having extended
your schema appropriately.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060303/56345f08/attachment.bin

More information about the samba-technical mailing list