[Samba] parameter "ldap user suffix" ignored?

Dominique Petitpierre Dominique.Petitpierre at adm.unige.ch
Thu Jan 27 16:02:22 GMT 2005


Hello,

It seems that the smb.conf parameter "ldap user suffix" has no effect
when searching for users.
When searching for a user in the LDAP server, Samba uses the simple
"ldap suffix" without prepending the "ldap user suffix".  But it works
for "ldap group suffix".  The descriptions of these two parameters are
similar in the manual for smb.conf.

Here are the relevant parameters from smb.conf:

# grep '^ldap.*suffix' smb.conf
ldap suffix = dc=unige,dc=ch
ldap user suffix = ou=People
ldap machine suffix = ou=Hosts
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap

Here is an extract of the LDAP server log during one transaction:
  SRCH base="dc=unige,dc=ch" \
       scope=2 \
       filter="(&(uid=test)(objectClass=sambaSamAccount))" \
       attrs="uid ....
  SRCH base="ou=group,dc=unige,dc=ch" \
       scope=2 \
       filter="(&(objectClass=sambaGroupMapping)(gidNumber=40000))" \
       attrs="gidNumber ....


There is also the following comment in the example smb.conf file:

| Seperate suffixes are available for machines, users, groups,
| and idmap, if ldap suffix appears first, it is appended to
| the specific suffix.

So I inferred that one could specify a full user suffix if it appeared
before ldap suffix:

ldap user suffix = ou=People,dc=unige,dc=ch
ldap suffix = dc=unige,dc=ch

But this has no effect.

This happens with samba 3.0.10 on Mandrake Linux 10.1.

- Is there a way to have "ldap user suffix" not be ignored for
   searches? How?

Thanks in advance for your answers!

Best regards,
Mr Dominique Petitpierre       Email: User at Domain
Division Informatique                 User=Dominique.Petitpierre
University of Geneva                  Domain=adm.unige.ch
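
The following Python example, added here and not part of the original message or of Samba, composes the expected search base from the smb.conf suffix parameters quoted above and checks it against the SRCH lines of the LDAP server log. The objectClass-to-parameter mapping, the joined log lines and all function names are assumptions made for the example.

```python
import re

# Constructed sample input: the suffix lines relevant to the two searches and
# the two SRCH entries from the post, with the log continuation lines joined.
SMB_CONF = """\
ldap suffix = dc=unige,dc=ch
ldap user suffix = ou=People
ldap group suffix = ou=Group
"""
LDAP_LOG = """\
SRCH base="dc=unige,dc=ch" scope=2 filter="(&(uid=test)(objectClass=sambaSamAccount))"
SRCH base="ou=group,dc=unige,dc=ch" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=40000))"
"""

# Assumption for this example: the suffix parameter each objectClass search should use.
CLASS_TO_PARAM = {"sambasamaccount": "ldap user suffix",
                  "sambagroupmapping": "ldap group suffix"}

def norm_dn(dn):
    """Lower-case and trim each RDN so that ou=Group and ou=group compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_suffixes(conf_text):
    """Return {parameter: value} for the 'ldap ... suffix' lines of smb.conf."""
    pairs = re.findall(r"^\s*(ldap(?: \w+)? suffix)\s*=\s*(.+?)\s*$", conf_text, re.M | re.I)
    return {name.lower(): value for name, value in pairs}

def expected_base(suffixes, param):
    """Specific suffix with 'ldap suffix' appended, unless it is already a full DN."""
    base = norm_dn(suffixes["ldap suffix"])
    specific = norm_dn(suffixes.get(param, ""))
    if not specific or specific.endswith(base):
        return specific or base
    return specific + "," + base

def audit(conf_text, log_text):
    """Return (objectClass, logged base, expected base, matches) for each SRCH line."""
    suffixes = parse_suffixes(conf_text)
    results = []
    for base, flt in re.findall(r'SRCH base="([^"]*)".*?filter="([^"]*)"', log_text):
        for cls in re.findall(r"\(objectClass=(\w+)\)", flt, re.I):
            param = CLASS_TO_PARAM.get(cls.lower())
            if param:
                want = expected_base(suffixes, param)
                results.append((cls, norm_dn(base), want, norm_dn(base) == want))
    return results

if __name__ == "__main__":
    print(audit(SMB_CONF, LDAP_LOG))
```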

