[Samba] LDAP suffixes

Gerald (Jerry) Carter jerry at samba.org
Wed Aug 17 15:41:39 GMT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

William Jojo wrote:
> 
> On Wed, 17 Aug 2005, Gerald (Jerry) Carter wrote:
> 
> William Jojo wrote:
> 
>>need clarification of the use of:
> 
>>ldap suffix
>>ldap machine suffix
>>ldap user suffix
>>ldap idmap suffix
> 
>>smb.conf.5 indicates you should have a fully qualified suffix such as:
> 
>>   ldap suffix = dc=blah,dc=com
>>   ldap machine suffix = ou=People,dc=blah,dc=com
>>   ldap user suffix = ou=People,dc=blah,dc=com
>>   ldap group suffix = ou=Groups,dc=blah,dc=com
>>   ldap idmap suffix = ou=Idmap,dc=blah,dc=dom
> The man page is wrong.  You can use a fully DN only if
> 'ldap suffix' is an empty string.
> 
> 
> 
>> Ok. Should 'ldap suffix' ever be empty? Where would 
> Samba put sambaDomain objects if this were empty? It seems to
> me this should never be empty. :-)


True.  Can't really write the rootDSE now can you.
+1 for you.





cheers, jerry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDA1qzIR7qMdg1EfYRAi6TAKCjyZF3D+kSMPGTatuzo9sCw/KqlACeLzAM
X04BbWkomLpoynmxfm0N8qo=
=dlSI
-----END PGP SIGNATURE-----


More information about the samba mailing list