It appears that you have users stored in one OU and Computers stored in another OU. I don't believe this is supported right now. (I believe this is because PAM will only search one OU for a UNIX user instead of multiples.)



NSS will only search one OU for account type objects; and both machines and user are accounts.

While quite correct in most instances, it somewhat confuses the issue to state this. NSS will search one SCOPE for whatever it is you're looking for. More often than anything, you point your ldap configuration to search an OU, such as OU=People,dc=etc?one. Notice the ?one at the end. That tells the search that it is to not dive down into the tree farther than the first level. An often suggested workaround for this OU=Computers situation is to set your passwd search to dc=etc.?sub which will take you to a full directory search for the needed accounts. I'll leave the performance issues as an exercise for the readers' search tool as it has been brought up here before. A less suggested alternative is to configure your accounts in a common tree and then split people and computers below that. Something like ou=Accounts,dc=etc and then making ou=People,ou=Accounts,dc=etc and such.


What is often dreamed of by people would be something like specifying multiple scopes in the ldap configuration, something like the following:
passwd ou=People,dc=etc?one
passwd ou=Computers,dc=etc?one


--
Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: [EMAIL PROTECTED]
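
The scope behaviour discussed in the message above, as an added example that is not part of the original post: a simplified evaluator for `base?scope` search specifications, run against constructed entries for the split-OU layout, the root `?sub` workaround, and the common `ou=Accounts` tree. The `dc=example,dc=com` entries and all function names are constructed for illustration, and treating a missing scope as `sub` is an assumption.

```python
# Constructed sample entries (not from the original post).
SPLIT_LAYOUT = [
    "uid=alice,ou=People,dc=example,dc=com",
    "uid=bob,ou=People,dc=example,dc=com",
    "uid=carol,ou=Contractors,ou=People,dc=example,dc=com",
    "uid=ws01$,ou=Computers,dc=example,dc=com",
]
ACCOUNTS_LAYOUT = [
    "uid=alice,ou=People,ou=Accounts,dc=example,dc=com",
    "uid=ws01$,ou=Computers,ou=Accounts,dc=example,dc=com",
    "cn=admins,ou=Groups,dc=example,dc=com",
]

def rdns(dn):
    """Split a DN into normalized RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def parse_spec(spec):
    """Parse 'base?scope'; a missing scope is assumed to mean 'sub'."""
    base, _, scope = spec.partition("?")
    scope = scope.strip().lower() or "sub"
    if scope not in ("base", "one", "sub"):
        raise ValueError("unknown scope: %r" % scope)
    return rdns(base), scope

def in_scope(entry_dn, spec):
    """True if entry_dn would be visited by a search with this base and scope."""
    base, scope = parse_spec(spec)
    entry = rdns(entry_dn)
    depth = len(entry) - len(base)      # levels below the search base
    if depth < 0 or entry[depth:] != base:
        return False                    # entry is not under the base at all
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1               # immediate children only
    return True                         # sub: the base and everything below

def search(entries, spec):
    """Return the entries a search with this spec can see, in input order."""
    return [dn for dn in entries if in_scope(dn, spec)]

if __name__ == "__main__":
    for layout, spec in [
        (SPLIT_LAYOUT, "ou=People,dc=example,dc=com?one"),
        (SPLIT_LAYOUT, "dc=example,dc=com?sub"),
        (ACCOUNTS_LAYOUT, "ou=Accounts,dc=example,dc=com?sub"),
    ]:
        print(spec, "->", search(layout, spec))
```
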

