[Samba] Setting up LDAP Authentification - Tree design/search scope
Götz Reinicke - IT-Koordinator
goetz.reinicke at filmakademie.de
Mon Mar 8 06:49:23 MST 2010
Hi,
recently I started to evaluate and think about setting up a central LDAP
system for authentification and "phonebook". I'm also new to LDAP.
There is a lot of doc and well documented how tos, and I came across the
following question:
Where is the search scope for samba defiend? Or is the LDAP servers
setting defining the scope?
All docs "talk" about putting all people under one branche, e.g.
ou=People,dc=example,dc=com for the samba setting I'd have
"ldap user suffix = ou=People"
But with this setting I dont see how I may restrict the search for the
phonebook look up. (e.g. I do have students, empoyees and other.
Students may look up students and employees, but not the "other" group.)
For me it would make more sense to "subgroup" the people like this:
ou=students,ou=People,dc=example,dc=com
ou=employees,ou=People,dc=example,dc=com
ou=other,ou=People,dc=example,dc=com
May be I'm mistaken.
Thanks for any comment and best regards!
Götz
--
Götz Reinicke
IT-Koordinator
Tel. +49 7141 969 420
Fax +49 7141 969 55 420
E-Mail goetz.reinicke at filmakademie.de
Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de
Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia Hübner
Staatsrätin für Demographischen Wandel und für Senioren im Staatsministerium
Geschäftsführer:
Prof. Thomas Schadt
More information about the samba
mailing list