ldap filter gone and sambadomainnname not checked
Pierre Filippone
pierre.filippone at retail-sc.com
Fri Mar 3 12:45:08 GMT 2006
Pierre Filippone/rscdus/retail-sc wrote on 03.03.2006 13:21:08:
> Volker Lendecke <vlendec at sernet.de> wrote on 03.03.2006 13:05:41:
>
> > On Fri, Mar 03, 2006 at 11:05:07AM +0100, Pierre Filippone wrote:
> > > We could do that, but this would break a lot of tools we use for
LDAP
> > > management.
> > >
> > > I just tried to x-out the sambaSID attribute. That seems to work,
the
> > > account is not listed any more. I hope that does not lead to smbd
crashes.
> > >
> > > I think another simple approach would be to add an
> > > &(sambadomainname=domname) to the internal LDAP filters when
> accessing the
> > > ldapsam. Maybe as an optional config parameter like "ldap check
> domainname
> > > = yes/no". That would give a little of the flexibility back the
people
> > > lost by the removal of the "ldap filter". I've seen some postings by
> > > people who complained about the loss of the filter parameter. Maybe
this
> > > could help them too.
> > >
> > > Just a thought.
> >
> > Another thought: Replace "objectclass=sambasamaccount" with
> > "objectclass=sambadeadsamaccount", after having extended
> > your schema appropriately.
> >
> > Volker
> Good idea.
> Which OID should I use to avoid conflicts with future schema extensions
?
>
> Pierre
I'll take the .9999. That will give me enough time, I think. :-)
Thanks for your help.
Pierre
More information about the samba-technical
mailing list