Didier Roques napisał(a):
Didier Roques napisał(a):
Hi all,
Hello,
I use samba 3.0.20
the ldap paramaters into the smb.conf are:
passdb backend = ldapsam:ldap://localhost smbpasswd guest
ldap suffix = dc=univ,dc=fr
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
Into my ldap tree i've got 3 domains samba defined
some uid exists into 2 of 3 domains
I also have more than 3 domains in my LDAP ... but it works great!!!
(toto01 exists twice but into two differents domains)
If i use pdbedit -L -v -d 10 toto01 i've got the following thing:
smbldap_search_ext: base => [dc=univ,dc=fr], filter =>
[(&(uid=toto01)(objectclass=sambaSamAccount))], scope => [2]
ldapsam_getsampwnam: Duplicate entries for this user [toto01] Failing.
count=2
How are the domains organized? According to your information it seems
that dc=univ,dc=fr is a base for all 3 domains - am I right? In such
case the message you get is NORMAL. Shouldn't it be like this:
1) ou=People,ou=domain1,dc=univ,dc=fr
2) ou=People,ou=domain2,dc=univ,dc=fr
3) ou=People,ou=domain3,dc=univ,dc=fr?
But then your samba ldap suffix should be:
ldap suffix = ou=domainx,dc=univ,dc=fr
the organization is:
1)ou=People,dc=univ,dc=fr (the first domain)
And your answer is here! dc=univ,dc=fr includes EVERYTHING - domain2 and
domain3 and of course People,Groups from the top of LDAP tree.
2)ou=People,ou=domain2,dc=univ,dc=fr
This for example consists ONLY with EVERYTHING in subtree:
ou=domain2,dc=univ,dc=fr - that's why if you try and change samba "ldap
suffix = ou=domain2,dc=univ,dc=fr - it will work OK. You will ONLY see
people,groups and whatever you have but from this particular subtree.
3)ou=People,ou=domain3,dc=univ,dc=fr
the three domains are not at the same level into the ldap tree !
I think the solution you give is a nice one (i thought to use it before).
But i'd like to know why the function smbldap_search_ext doesn't search
into the right branch given by the ldap parameters of smb.conf? is it a
bug or normal ?
thanks a lot about your response
BR,
Marcin
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
