> As far as I know, it *HAS* to be done this way because the posixGroup
> schema is way out of date (it wont take a dn as a member).
That is true, well the "out of date" part. It doesn't have to be done
this way.
> This info
> according to the gurus on the OpenLDAP list. In effect we have to
OK, just went through the research on how to set up scalable LDAP
backends. By scaleable I mean without having Samba use the root dn to
access ldap. This way, if you are going through the logs, you will be
able to tell which domain controller is doing what.
As far as I know, it *HAS* to be don