[Samba] LDAP suffixes
John H Terpstra
jht at samba.org
Wed Aug 17 16:56:39 GMT 2005
On Wednesday 17 August 2005 10:05, Geert Stappers wrote:
> On Wed, Aug 17, 2005 at 09:30:31AM -0600, John H Terpstra wrote:
> > It is sufficient to specify:
> >
> > ldap suffix = dc=foobar,dc=biz
> > ldap machine suffix = ou=Computers
> > ldap user suffix = ou=People
> > ldap group suffix = ou=Groups
> > ldap idmap suffix = ou=Idmap
> >
> > Samba will take care of the catenation. These will all be expanded
> > correctly. For example the 'ldap user suffix' will be expanded to:
> >
> > ldap machine suffix = ou=Computers,dc=foobar,dc=biz
>
> Over here I have a dead tree copy of Samba-3 by Example
> which says in Chapter 6, paragraph 3.5
> LDAP Initialization and Creation of User Group Accounts
>
>
> NOTE
>
> ... By placing all machine accounts in the People
> container, we were able to side-step this bug.
This note has been significantly expanded in the second edition of this book.
It is now in Chapter 5, section 5.4.5. The more detailed explanation in the
second edition demonstrates the fact that this was not a bug in Samba, but
rather an identity resolution issue involving NSS.
> So it seems the bug, that prevents samba from being able to search the LDAP
> database for computer accounts if they are placed in the Computers
> container, is gone.
The problem is one of the ability to find the computer account via NSS.
>
> My questions:
>
> * the version with the bug, did they work with
>
> ldap suffix = dc=foobar,dc=biz
> ldap user suffix = ou=People
> ldap machine suffix = ou=Computers,ou=People
>
> in smb.conf successfully?
>
>
> * In which version was the bug fixed?
This was not a Samba bug as explained above.

PS: Suggest you refer to chapter 5, section 5.3.1.7, of the current
Samba3-ByExample book. You can obtain it on-line from:

http://www.samba.org/samba/docs/Samba3-ByExample.pdf

This book will become available in computer stores by mid-September.

Cheers,
John T.