ldap filter and man page [WAS Re: [Samba] My story installing
Samba-LDAP PDC (it has a happy ending)
Andrew Bartlett
abartlet at samba.org
Thu Jan 22 07:43:14 GMT 2004
On Thu, 2004-01-22 at 13:30, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Beast wrote:
>
> > If I did not set "ldap filter" then according man page
> > (smb.conf) it will be:
> >
> > Default: ldap filter = (&(uid=%u)(objectclass=sambaAccount))
>
> The ldap filter parameter is irrelavant in some searches (such as the
> idmap backend ldap searches and the gourp mapping lookups).
>
> > Also man page for smb.conf(5) in samba-3.0.2rc1 is
> > truncated, only 1 page long, at least in srpm package.
>
> Hmmm...it's fine in the tarball. And it's fine in the RH SRPM.
> Something wrong your system ?
>
> > fyi, I've tried 3.0.2rc1 without setting 'ldap filter' in
> > smb.conf and put computer account under ou=computer and
> > it able to add machine. Any strong reason to not putting
> > computer account different than user accounts?
>
> It's not real since nss_ldap still has locate the posixAccount
> for the computer.
Naturally, this just means you need to give nss_ldap the same ldap base
DN to search under as samba is using. Naturally, if nss_ldap only looks
under ou=people, then it's not going to work, but I set my base dn to
just 'dc=hawkerc,dc=net', and carry the minor cost of a possible search
against other ou's that might not contain accounts.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040122/6141b60b/attachment.bin
More information about the samba
mailing list