[Samba] multiple domains/ ldap /smbldap_search function/pdbedit/
Michael Gasch
gasch at eva.mpg.de
Sat Jul 1 07:59:47 GMT 2006
I guess an easy way to fix this without changing your structure is to use
slapd ACLs that prohibit access to other domains for the first samba
manager instance (e.g. uid=manager,ou=People,dc=univ,dc=fr).
greez
Didier Roques wrote:
>>the organization is:
>>1)ou=People,dc=univ,dc=fr (the first domain)
>>
>>
>
> And your answer is here! dc=univ,dc=fr includes EVERYTHING - domain2 and
> domain3 and of course People,Groups from the top of LDAP tree.
>
>
>>2)ou=People,ou=domain2,dc=univ,dc=fr
>>
>>
>
> This, for example, consists ONLY of EVERYTHING in the subtree
> ou=domain2,dc=univ,dc=fr - that's why if you try and change samba "ldap
> suffix = ou=domain2,dc=univ,dc=fr" - it will work OK. You will ONLY see
> people, groups and whatever you have, but from this particular subtree.
>
>
>>3)ou=People,ou=domain3,dc=univ,dc=fr
>
>
>
> Sorry, I've made a mistake:
> the three domains:
> 1)ou=People,dc=univ,dc=fr
> 2)ou=People,dc=domain2,dc=univ,dc=fr (dc and not ou)
> 2)ou=People,dc=domain3,dc=univ,dc=fr (dc and not ou)
>
> and I thought samba searches only in the People branch under the ldap
> suffix mentioned in the smb.conf (dc=univ,dc=fr) and not under the other
> one.
>
>
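
The slapd ACL approach suggested in the reply, as an added example that is not part of the original post. It assumes a slapd.conf-style configuration, the corrected subtree DNs from the quoted message, and that the first domain's Samba instance binds as the illustrative manager DN given in the reply.

```conf
# slapd.conf fragment (added example, not from the thread).
# Assumption: the first domain's Samba binds as
#   uid=manager,ou=People,dc=univ,dc=fr
# Place these clauses BEFORE any broader "access to *" rule: slapd applies
# the first "access to" clause whose target matches the entry.

# Hide the domain2 subtree from the first domain's manager.
# "by * break" lets every other identity fall through to later rules.
access to dn.subtree="dc=domain2,dc=univ,dc=fr"
    by dn.exact="uid=manager,ou=People,dc=univ,dc=fr" none
    by * break

# Same restriction for the domain3 subtree.
access to dn.subtree="dc=domain3,dc=univ,dc=fr"
    by dn.exact="uid=manager,ou=People,dc=univ,dc=fr" none
    by * break
```

With these rules a subtree search from dc=univ,dc=fr bound as that manager returns no entries from under dc=domain2 or dc=domain3. ACLs are not applied to the database rootdn, so the restriction only works if the Samba bind DN is an ordinary entry and not the rootdn.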