[Samba] LDAP suffixes

John H Terpstra jht at primastasys.com
Wed Aug 17 15:30:31 GMT 2005


On Wednesday 17 August 2005 09:15, William Jojo wrote:
> need clarification of the use of:
>
> ldap suffix
> ldap machine suffix
> ldap user suffix
> ldap idmap suffix
>
> smb.conf.5 indicates you should have a fully qualified suffix such as:
>
>    ldap suffix = dc=blah,dc=com
>    ldap machine suffix = ou=People,dc=blah,dc=com
>    ldap user suffix = ou=People,dc=blah,dc=com
>    ldap group suffix = ou=Groups,dc=blah,dc=com
>    ldap idmap suffix = ou=Idmap,dc=blah,dc=dom

It is sufficient to specify:

	ldap suffix = dc=foobar,dc=biz
	ldap machine suffix = ou=Computers
	ldap user suffix = ou=People
	ldap group suffix = ou=Groups
	ldap idmap suffix = ou=Idmap

Samba will take care of the catenation. These will all be expanded correctly. 
For example, the 'ldap user suffix' will be expanded to:

	ldap machine suffix = ou=Computers,dc=foobar,dc=biz

- John T.

>
> as demonstrated by:
>
>  Example: ldap idmap suffix = ou=Idmap,dc=samba,dc=org
>
> and
>
>  Example: ldap group suffix =
>                ou=Groups,dc=samba,ou=Groups
>
> (which, btw, is not a good example)
>
>
> However, it appears from a log level 5 that this happens:
>
> [2005/08/17 11:05:57, 5] lib/smbldap.c:smbldap_search_ext(980)
>   smbldap_search_ext: base => [ou=Groups,dc=blah,dc=com,dc=blah,dc=com], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=-2))], scope => [2]
>
> It combines two suffixes. Which is the correct behavior?
>
> I see utils/net_rpc_samsync.c seems to think the prior is true.
>
>
> This behavior is consistent all the way back to 3.0.11.
>
>
> Cheers,
>
>
> Bill

-- 
John H Terpstra, CTO
PrimaStasys Inc.
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
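
An added example (not part of the original message and not Samba's own code): a Python check that computes each sub-suffix's search base the way the thread describes, by appending `ldap suffix`, and flags values that already contain it. The function names and the two sample configurations are constructed for illustration.

```python
import re

SUB_SUFFIXES = ("ldap machine suffix", "ldap user suffix",
                "ldap group suffix", "ldap idmap suffix")

def parse_global(text):
    """Return {parameter: value} from the [global] section of smb.conf text."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf parameter names ignore case and extra whitespace.
            params[" ".join(name.lower().split())] = value.strip()
    return params

def norm_dn(dn):
    """Lower-case a DN, drop spaces around ',' and '=' (escaped commas not handled)."""
    return ",".join(re.sub(r"\s*=\s*", "=", p.strip().lower())
                    for p in dn.split(",") if p.strip())

def check_suffixes(text):
    """Map each sub-suffix to (effective search base, already_contains_ldap_suffix)."""
    params = parse_global(text)
    base = params.get("ldap suffix", "")
    nbase, result = norm_dn(base), {}
    for name in SUB_SUFFIXES:
        if name not in params:
            continue
        sub = params[name]
        effective = ",".join(x for x in (sub, base) if x)
        nsub = norm_dn(sub)
        doubled = bool(nbase) and (nsub == nbase or nsub.endswith("," + nbase))
        result[name] = (effective, doubled)
    return result

# Constructed samples using the values quoted in the thread.
FULLY_QUALIFIED = "[global]\n ldap suffix = dc=blah,dc=com\n ldap group suffix = ou=Groups,dc=blah,dc=com\n"
RELATIVE = "[global]\n ldap suffix = dc=foobar,dc=biz\n ldap machine suffix = ou=Computers\n"

if __name__ == "__main__":
    for label, conf in (("fully qualified", FULLY_QUALIFIED), ("relative", RELATIVE)):
        for name, (dn, doubled) in check_suffixes(conf).items():
            print(f"{label}: {name} -> {dn}{'  [suffix doubled]' if doubled else ''}")
```

For the fully qualified sample the computed base matches the doubled `base => [...]` value in the quoted level 5 log.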

