[Samba] Re: winbind with ldap backend permissions
Thorsten Scherf
tscherf at redhat.com
Wed Oct 6 15:43:46 GMT 2004
On Wed, 06.10.2004 Igor Belyi wrote:
> Thorsten Scherf wrote:
> > hi,
> >
> > I set up a winbindd with a ldap backend, here is the relevant part of my
> > smb.conf:
> >
> > idmap backend = ldap:ldap://mail.rhel.homelinux.com
> > ldap admin dn = cn=winbind,dc=example,dc=com
> > ldap suffix = dc=example,dc=com
> > ldap idmap suffix = ou=idmap
> >
> > On the ldap server I set up the ou=idmap and also permissions for
> > cn=winbind to write into the ou=idmap:
> >
> > access to dn="(.),ou=idmap,dc=example,dc=com"
> > by dn="cn=winbind,dc=example,dc=com"
> > by * read
>
> Did you try to change your 'what' part of the access to:
>
> dn.subtree="ou=idmap,dc=example,dc=com"
this works fine.
but what is the difference to "dn=(.*),ou=idmap,dc=example,dc=com"?
with my understanding of the ldap-access rules it should just be a performance issue, souldn't it?!
cu,
thorsten
--
Thorsten Scherf <tscherf at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.samba.org/archive/samba/attachments/20041006/23c6d114/attachment.bin
More information about the samba
mailing list