[Samba] Questions about ldap organizational units
lists at aarcane.org
Thu Dec 30 02:10:06 MST 2010
I'm kinda new to this too, but I'll share what knowledge I've acquired.
On 12/29/2010 23:01, Taso Hatzi wrote:
> Environment is Samba as a PDC, OpenLDAP backend, with
> smbldap-tools providing the scripts to manipulate the data.
> What are the recommended/mandated organizational units (OU=)
> for user, computer, group info.
Whatever suits your needs.
> I'm pretty sure that groups go in ou=Groups, but I am confused
> about where user and computer data goes.
Groups go wherever you need them.
> I have seen ou=People, ou=Computers, and ou=Users in various places.
> Which is it and why?
You can have 0 or more OUs to store data. You can put everything
directly in your root DN, or you can use "Organizational Units" to
organize them. For example, you can store users, groups, etc. by
department instead of by users, groups, machines. But the smbldap-tools
use users, groups, machines (or similarly named OUs) to place these
objects in. If you wanted, you could have users stored by department,
or by zip code, or any arbitrary scheme you like (ou=PeopleILike,dc=..,
ou=PeopleIDontLike,dc=.., etc.). For LDAP in general there's no real
rhyme or reason to where they need to be. Samba seems to like them
sorted into users, groups, machines, and idmaps in one branch of your
directory. The thinking seems to be each organizational unit of your
organization should represent a domain with its own users, groups,
idmaps, etc. I believe it's possible to configure Samba to handle
whatever you need, but I can't find any entries in the smb.conf manpage
about LDAP search depth.
The long and short of it is call them whatever you want, but keep 'em
together and remember what you called them.
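
Added example, not part of the original post: a small check that the OU names Samba searches (the `ldap ... suffix` parameters in smb.conf) match the containers smbldap-tools writes to (the `...dn` keys in smbldap.conf). The DNs, sample file contents and function names are constructed for illustration.

```python
import re

# Constructed sample configs (not from the post); users OU deliberately differs.
SMB_CONF = """
[global]
   ldap suffix = dc=example,dc=com
   ldap user suffix = ou=People
   ldap group suffix = ou=Groups
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Idmap
"""
SMBLDAP_CONF = '''
suffix="dc=example,dc=com"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
'''
# smb.conf parameter -> smbldap.conf key that names the same container.
PAIRS = {"ldap user suffix": "usersdn", "ldap group suffix": "groupsdn",
         "ldap machine suffix": "computersdn", "ldap idmap suffix": "idmapdn"}

def norm(dn):
    # Lower-case the DN and drop spaces around commas so comparison is fair.
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_smb(text):
    # Collect "key = value" lines; smb.conf keys ignore case and extra spaces.
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith(("#", ";", "[")):
            k, v = line.split("=", 1)
            out[" ".join(k.lower().split())] = v.strip()
    return out

def parse_smbldap(text):
    # Collect key="value" lines and expand the ${suffix} reference.
    kv = dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', text, re.M))
    return {k: v.replace("${suffix}", kv.get("suffix", "")) for k, v in kv.items()}

def mismatches(smb_text, smbldap_text):
    smb, tools = parse_smb(smb_text), parse_smbldap(smbldap_text)
    bad = []
    for param, key in PAIRS.items():
        # An unset smb.conf sub-suffix falls back to "ldap suffix" itself.
        parts = [smb.get(param, ""), smb.get("ldap suffix", "")]
        samba_dn, tools_dn = norm(",".join(p for p in parts if p)), norm(tools.get(key, ""))
        if samba_dn != tools_dn:
            bad.append((param, samba_dn, tools_dn))
    return bad
```

With the sample input, `mismatches(SMB_CONF, SMBLDAP_CONF)` reports only the users container: Samba would search `ou=people` while smbldap-tools creates accounts under `ou=users`.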