ldap filter gone and sambadomainnname not checked
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Mar 3 12:05:41 GMT 2006
On Fri, Mar 03, 2006 at 11:05:07AM +0100, Pierre Filippone wrote:
> We could do that, but this would break a lot of tools we use for LDAP
> management.
>
> I just tried to x-out the sambaSID attribute. That seems to work, the
> account is not listed any more. I hope that does not lead to smbd crashes.
>
> I think another simple approach would be to add an
> &(sambadomainname=domname) to the internal LDAP filters when accessing the
> ldapsam. Maybe as an optional config parameter like "ldap check domainname
> = yes/no". That would give a little of the flexibility back the people
> lost by the removal of the "ldap filter". I've seen some postings by
> people who complained about the loss of the filter parameter. Maybe this
> could help them too.
>
> Just a thought.
Another thought: Replace "objectclass=sambasamaccount" with
"objectclass=sambadeadsamaccount", after having extended
your schema appropriately.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060303/56345f08/attachment.bin
More information about the samba-technical
mailing list