ldap filter gone and sambadomainnname not checked
Pierre Filippone
pierre.filippone at retail-sc.com
Fri Mar 3 12:21:23 GMT 2006
Volker Lendecke <vlendec at sernet.de> wrote on 03.03.2006 13:05:41:
> On Fri, Mar 03, 2006 at 11:05:07AM +0100, Pierre Filippone wrote:
> > We could do that, but this would break a lot of tools we use for LDAP
> > management.
> >
> > I just tried to x-out the sambaSID attribute. That seems to work, the
> > account is not listed any more. I hope that does not lead to smbd
crashes.
> >
> > I think another simple approach would be to add an
> > &(sambadomainname=domname) to the internal LDAP filters when accessing
the
> > ldapsam. Maybe as an optional config parameter like "ldap check
domainname
> > = yes/no". That would give a little of the flexibility back the people
> > lost by the removal of the "ldap filter". I've seen some postings by
> > people who complained about the loss of the filter parameter. Maybe
this
> > could help them too.
> >
> > Just a thought.
>
> Another thought: Replace "objectclass=sambasamaccount" with
> "objectclass=sambadeadsamaccount", after having extended
> your schema appropriately.
>
> Volker
Good idea.
Which OID should I use to avoid conflicts with future schema extensions ?
Pierre
More information about the samba-technical
mailing list