[Samba] Re: Groupmap problem
Paul Gienger
pgienger at ae-solutions.com
Mon Dec 27 18:58:23 GMT 2004
>>It appears that
>>you have users stored in one OU and Computers stored in another OU. I
>>don't believe this is supported right now. (I believe this is because
>>PAM will only search one OU for a UNIX user instead of multiples.)
>>
>>
>
>NSS will only search one OU for account type objects; and both machines
>and user are accounts.
>
While quite correct in most instances, it somewhat confuses the issue to
state this. NSS will search one SCOPE for whatever it is you're looking
for. More often than anything, you point your ldap configuration to
search an OU, such as OU=People,dc=etc?one. Notice the ?one at the
end. That tells the search that it is to not dive down into the tree
farther than the first level. An often suggested workaround for this
OU=Computers situation is to set your passwd search to dc=etc.?sub which
will take you to a full directory search for the needed accounts. I'll
leave the performance issues as an exercise for the readers' search
tool as it has been brought up here before. A less suggested
alternative is to configure your accounts in a common tree and then
split people and computers below that. Something like
ou=Accounts,dc=etc and then making ou=People,ou=Accounts,dc=etc and such.
What is often dreamed of by people would be something like specifying
multiple scopes in the ldap configuration, something like the following:
passwd ou=People,dc=etc?one
passwd ou=Computers,dc=etc?one
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Systems Architect Fax: 701-281-1322
URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com
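
The scope behaviour described in the message above, as an added example that is not part of the original post: a small model of LDAP base/one/sub scope matching, run against the split-OU layout and the common ou=Accounts layout. The DNs are constructed (dc=example,dc=com stands in for the post's "dc=etc"), and ou=Services with uid=ldapsync is a hypothetical entry added to show what a whole-directory sub search also picks up.

```python
import re

# Constructed sample DNs; dc=example,dc=com stands in for the post's "dc=etc".
SPLIT_TREE = [
    "uid=alice,ou=People,dc=example,dc=com",
    "uid=ws01$,ou=Computers,dc=example,dc=com",
    "uid=ldapsync,ou=Services,dc=example,dc=com",
]
COMMON_TREE = [
    "uid=alice,ou=People,ou=Accounts,dc=example,dc=com",
    "uid=ws01$,ou=Computers,ou=Accounts,dc=example,dc=com",
    "uid=ldapsync,ou=Services,dc=example,dc=com",
]

def parse_dn(dn):
    """Split a DN into lower-cased RDNs; a comma after a backslash is escaped."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def in_scope(entry_dn, base_dn, scope):
    """Apply LDAP base/one/sub scope rules to one entry DN."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False  # entry is not at or below the search base
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1  # immediate children only
    if scope == "sub":
        return True  # the base and everything beneath it
    raise ValueError(f"unknown scope: {scope!r}")

def visible_accounts(directory, spec):
    """Return the leading RDN of each entry matched by a 'base?scope' spec."""
    base, scope = spec.split("?")
    return sorted(parse_dn(dn)[0] for dn in directory if in_scope(dn, base, scope))

if __name__ == "__main__":
    for tree, spec in [
        (SPLIT_TREE, "ou=People,dc=example,dc=com?one"),
        (SPLIT_TREE, "dc=example,dc=com?sub"),
        (COMMON_TREE, "ou=Accounts,dc=example,dc=com?sub"),
    ]:
        print(f"{spec:40} -> {visible_accounts(tree, spec)}")
```
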