[Samba] 'ldap passwd sync' not working
Tony Earnshaw
tonye at billy.demon.nl
Mon Feb 7 16:29:52 GMT 2005
Adam Tauno Williams:
[...]
>> Oh yes - regular (existing or new) Posix group users can be anywhere in
>> your DSA,
>
> I think you mean "anywhere in your Dit"; "anywhere in your DSA" doesn't
> make much sense,
Yep.
>> in any group (though it makes sense to put computer trusts under
>> ou=smb).
>
> I think you mean "in any container".
Nope, Posix group - though it can also be a container, I guess. However,
leaves in that "container" may have other primary groups than that of the
"container" itself - in which OpenLDAP is more flexible than, e.g.,
Novell's eDirectory.
> And you're wrong, they need to be below the search base used by NSS for
> the appropriate object type - groups, person, etc... You can only put them
> anywhere if you are using the root of the Dit as your search base which is
> generally inadvisable for a number of reasons.
I can only tell you what works for me (remember I write that I hate the
word HOWTO and all it implies). What I meant was that users don't have to
be in the smb tree/hierarchy - they may be in any hierarchy in the DIT.
>> Simply run smbpasswd or pdbedit (can be done from a script) on each one
>> to add them to the domain. Personally I don't use the IDEALX scripts, I
>> write my own awk and shell scripts.
>
> Same, we've written .NET (Mono) 'scripts' for doing this.
--Tonni
--
mail: tonye at billy.demon.nl
http://www.billy.demon.nl