[Samba] Re: Groupmap problem
Paul Gienger
pgienger at ae-solutions.com
Mon Dec 27 20:08:21 GMT 2004
Adam Tauno Williams wrote:
>>>>It appears that
>>>>you have users stored in one OU and Computers stored in another OU. I
>>>>don't believe this is supported right now. (I believe this is because
>>>>PAM will only search one OU for a UNIX user instead of multiples.)
>>>>
>>>>
>>>NSS will only search one OU for account type objects; and both machines
>>>and user are accounts.
>>>
>>>
>>While quite correct in most instances, it somewhat confuses the issue to
>>state this.
>>NSS will search one SCOPE for whatever it is you're looking
>>
>>
>
>The term "scope" in LDAP refers only to the depth of the search
>performed: base, one, or sub. A search has four compnents: root,
>filter, scope, and context (the security credentials of the users, their
>source IP address, etc...). It is entirely correct to refer to the,
>albiet subordinate, contents of an OU as contents of that OU.
>
>
>
Ok, I'll accept bashing on that one... I was searching for a generalized
term to apply. AFAIK, there's no reason you have to limit your search to
an OU object class, unless the documentation is hiding that fact
somewhere that I've not run across. That's the crux of what I was
getting at, saying that the terminology "OU" is unnecessarily
restrictive. Feel free to point me towards enlightenment if I'm wrong.
--
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Systems Architect Fax: 701-281-1322
URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com
More information about the samba
mailing list