[Samba] objectClass:posixAccount missing
steve
steve at steve-ss.com
Wed Aug 28 01:58:06 MDT 2013
On Wed, 2013-08-28 at 00:30 +0200, Luca Olivetti wrote:
> Al 27/08/13 23:56, En/na Gary Greene ha escrit:
>
> > If you set it up with '--use-rfc2307', nslcd needs configured as though it is talking to an SFU 3.5 DC. The RFC 2307bis attributes never add additional classes to the AD member objects, even in an SFU environment.
>
> Thank you, that gave me an hint: I added a
>
> filter passwd (objectclass=user)
>
> to /etc/nslcd.conf
>
> and that gave me the missing users.
> I suppose I should add also a
>
> filter group (objectclass=group)
>
> for groups.
>
> Note that those filters are also, e.g. here
> https://help.ubuntu.com/community/ADWin2k8KerberosLDAP
>
> but I overlooked them.
With recent versions of nslcd, neither of the filters are needed and
serve only to slow down lookups. All that is needed is:
uid nslcd
gid nslcd
uri ldap://your.f.q.d.n
base dc=foo,dc=bar
map passwd uid samAccountName
map passwd homeDirectory unixHomeDirectory
sasl_mech GSSAPI
sasl_realm SOME.REALM
krb5_ccname /tmp/nslcd.tkt
hth to speed things up a little.
Steve
More information about the samba
mailing list