[Samba] Setting up LDAP Authentification - Tree design/search scope

Götz Reinicke - IT-Koordinator goetz.reinicke at filmakademie.de
Mon Mar 8 06:49:23 MST 2010


Hi,

recently I started to evaluate and think about setting up a central LDAP
system for authentification and "phonebook". I'm also new to LDAP.

There is a lot of doc and well documented how tos, and I came across the
following question:

Where is the search scope for samba defiend? Or is the LDAP servers
setting defining the scope?

All docs "talk" about putting all people under one branche, e.g.

ou=People,dc=example,dc=com for the samba setting I'd have

"ldap user suffix = ou=People"

But with this setting I dont see how I may restrict the search for the
phonebook look up. (e.g. I do have students, empoyees and other.
Students may look up students and employees, but not the "other" group.)

For me it would make more sense to "subgroup" the people like this:

ou=students,ou=People,dc=example,dc=com
ou=employees,ou=People,dc=example,dc=com
ou=other,ou=People,dc=example,dc=com

May be I'm mistaken.

Thanks for any comment and best regards!

	Götz
-- 
Götz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reinicke at filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia Hübner
Staatsrätin für Demographischen Wandel und für Senioren im Staatsministerium

Geschäftsführer:
Prof. Thomas Schadt


More information about the samba mailing list