[Samba] Re: Groupmap problem

Paul Gienger pgienger at ae-solutions.com
Mon Dec 27 20:08:21 GMT 2004



Adam Tauno Williams wrote:

>>>>It appears that
>>>>you have users stored in one OU and Computers stored in another OU.  I
>>>>don't believe this is supported right now.  (I believe this is because 
>>>>PAM will only search one OU for a UNIX user instead of multiples.)
>>>>        
>>>>
>>>NSS will only search one OU for account type objects; and both machines
>>>and user are accounts.
>>>      
>>>
>>While quite correct in most instances, it somewhat confuses the issue to 
>>state this.  
>>NSS will search one SCOPE for whatever it is you're looking 
>>    
>>
>
>The term "scope" in LDAP refers only to the depth of the search
>performed: base, one, or sub.   A search has four compnents: root,
>filter, scope, and context (the security credentials of the users, their
>source IP address, etc...).  It is entirely correct to refer to the,
>albiet subordinate, contents of an OU as contents of that OU.
>
>  
>
Ok, I'll accept bashing on that one... I was searching for a generalized 
term to apply. AFAIK, there's no reason you have to limit your search to 
an OU object class, unless the documentation is hiding that fact 
somewhere that I've not run across.  That's the crux of what I was 
getting at, saying that the terminology "OU" is unnecessarily  
restrictive.  Feel free to point me towards enlightenment if I'm wrong.

-- 
--
Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com




More information about the samba mailing list