[Samba] 3.0.20b seems to ignore "ldap user suffix"
Jonas Jochum
jj at archit.uni-karlsruhe.de
Fri Oct 28 15:11:26 GMT 2005
Am Friday 28 October 2005 16:00 schrieb Craig White:
> does this match what is in padl's ldap.conf ?
Do you mean pam_ldap.conf?
No, it doesn't:
base ou=aktiv,ou=accounts,o=archipool,dc=arch,dc=uni-karlsruhe,dc=de
libnss-ldap.conf uses
base o=archipool,dc=arch,dc=uni-karlsruhe,dc=de
The reason for this is that we're temporarily moving disabled accounts to
ou=inakt,ou=accounts,o=archipool,dc=arch,dc=uni-karlsruhe,dc=de.
Due to samba using the wrong search base, they're still able to log in (don't
tell me to use sambaAcctFlags - I know they can be used for accomplishing the
same thing).
Bye,
Jonas
More information about the samba
mailing list