[Samba] Persistent error in documentation

Miguel Medalha miguelmedalha at sapo.pt
Sun Mar 14 10:18:54 MDT 2010

The book "Samba 3 By Example", under section "5.4.5 LDAP Initialization 
and Creation of User and Group Accounts", contains the following statement:

The configuration file for the |nss_ldap| library is the file 
|/etc/ldap.conf| that provides only one possible LDAP search command 
that is specified by the entry called |nss_base_passwd|. This means that 
the search path must take into account the directory structure so that 
the LDAP search will commence at a level that is above both the 
Computers container and the Users (or People) container. If this is 
done, it is necessary to use a search that will descend the directory 
tree so that the machine account can be found. Alternatively, by placing 
all machine accounts in the People container, we are able to sidestep 
this limitation. This is the simpler solution that has been adopted in 
this chapter.

It probably was once true but it is simply not true nowadays. It is 
possible to have multiple entries for "nss_base_passwd", as it is 
correctly stated in section " Debugging NSS_LDAP", at the end 
of point 1:

The appropriate multiple entry for the nss_base_passwd directive in the 
/etc/ldap.conf file may be:

nss_base_passwd ou=People,ou=Users,dc=abmas,dc=org?one
nss_base_passwd ou=Computers,ou=Users,dc=abmas,dc=org?one

Will the developers please correct this contradiction in the coming 
editions of the documents?

Thank you!

More information about the samba mailing list