Restrict Winbind enumeration to specific OU?

Gerald (Jerry) Carter jerry at samba.org
Wed Oct 25 15:30:28 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Justin Maggard wrote:

> Hmm, I think the idea of restricting only users to an OU 
> would be a great benefit in some cases.  Setting winbind
> enum * = 0 certainly does help some, but it would be great
> to be able to do either/both.  Does anyone know of a way
> to set things up from the Windows side so that the
> Samba machine would only have access to a single OU?

Just off the top of my head....

We might could restrict users but I think groups would
be a problem.  Unless you can ensure that all groups
a users belongs to exist in the same OU.





cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFP4MTIR7qMdg1EfYRApHoAJ9poMZrTvazxZFq58rcTVb2ukseIgCg3G9j
PQaLz4d66CNVgbe2Yle8hms=
=sR5t
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list