On 23 June 2011 13:14, Bruce Richardson <> wrote: > On Thu, Jun 23, 2011 at 01:00:55PM +0100, Dermot wrote: >> Found it. >> >> It turns out that the config file for libnss-ldap is >> /etc/libnss-ldap.conf on my distro (Debian). So NSS was ignoring the >> config that I had been in /etc/ldap/ldap.conf and taking it from >> /etc/libnss-ldap.conf. > Samba's ldap searches are affected > by anything that goes into /etc/ldap/ldap.conf, which would cause > problems if the nsswitch-specific settings had to be stored there.
Perhaps I am not understanding you correctly because that runs counter my experience. The settings in my /etc/ldap/ldap.conf were correct whereas the ones in /etc/libnss-ldap.conf were not. It was the search filters from libnss-ldap.conf that were being used when I did `getent group`. I think your telling me that getent is tied to the nss framework so would use that config because that's what I told nsswitch.conf to do. I would have thought, but I am no expert, that samba would have used the config from smb.conf and that ldapsearch (and anything else that didn't have hooks else where) would use /etc/ldap/ldap.conf. # /etc/nsswitch.conf passwd: files ldap group: files ldap shadow: files ldap Your workplace configuration sounds like what I am trying to deploy at mine. I'll be back. Thanks, Dermot -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba