[Samba] LDAP suffixes

Geert Stappers stappers at stappers.nl
Thu Aug 18 07:18:25 GMT 2005 

On Wed, Aug 17, 2005 at 04:35:05PM -0600, John H Terpstra wrote:
> On Wednesday 17 August 2005 15:57, Geert Stappers wrote:
    <snip/>
> > . ldap suffix [dc=abmas,dc=biz] >
> > . ldap group suffix [ou=Groups] >
> > . ldap user suffix [ou=People,ou=Users] >
> > . ldap machine suffix [ou=Computers,ou=Users] >
> > . Idmap suffix [ou=Idmap] >
> >
> > That makes this LDAP  tree(beard)
> >
> >                              dc=abmas,dc=bz
> >                                   /|\
> >                                  / | \
> >                                 /  |  \
> >                         ou=Groups  | ou=Idmap
> >
> >                                 ou=Users
> >                                   / \
> >                                  /   \
> >                                 /     \
> >                         ou=People    ou=Computers
> >
> > That allows a   nss_base_passwd   ou=Users,dc=abmas,dc=biz?one
> 
> No, if you want to perform a single search in nss_ldap you need:
> 
> nss_base_passwd	ou=Users,dc=abmas,dc=biz?sub
> 
> Note: sub not one

Okay, noticed

> > Shouldn't  /etc/samba/smb.conf contain
> >
> >     ldap user suffix = ou=People,ou=Users
> >     ldap machine suffix = ou=Computers,ou=Users
> 
> Correct.
> 
> >
> > or
> >
> >     ldap user suffix = ou=Users
> >     ldap machine suffix = ou=Users
> 
> No, that expects all the accounts to be in the ou=Users container.
> 
> >
> > instead of the current
> >
> >     ldap machine suffix = ou=People
> >     ldap user suffix = ou=People
> 
> That expects all user and machine accounts in the ou=People container.
> 
> >
> > that is now in Example 5.7. LDAP Based smb.conf File, Server: MASSIVE
> > global Section: Part B at
> > http://us2.samba.org/samba/docs/man/Samba3-ByExample/happy.html ?
> 
> The example puts both user and machine accounts into the ou=People container. 
> The diagnostic section explains how they CAN be separated.

Now I get it, I did see a strange single trail, but it are several trails.
( s/trail/configuration/ )

> 
> Cheers,
> John T. (Jan, de man die niet alles kan).

Het was een aangename verrassing om van jou nederlands te lezen.
Ik schoot zelfs in de lach. Wat kan een mens toch op het verkeerde been
staan.

In English:
It was a plesant surprise to read Dutch from. It did made my laugh.
Man can be tricked by his assumptions.


Cheers
Geert Stappers

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba/attachments/20050818/ced509f3/attachment.bin

More information about the samba mailing list