Hello, all. I was wondering if anyone could help me with this configuration: I had a LDAP tree with this structure: dc=base + ou=unit1 + ou=People + ou=Groups + ou=Computers + ou=unit2 + ou=People + ou=Groups + ou=Computers + ou=unit3 + ou=People + ou=Groups + ou=Computers ... And I need people from unit1 logging on unit2, unit3, etc. First thing is to put all users on one SAMBA Domain, but: Does Samba support "sub" search for users without PAM? Any workaround? Is the only alternative to put everyone in one big group like this: dc=base + ou=People + ou=Groups + ou=Computers Considering less than 100.000 users (today only 10.000), is it good or bad? I read man pages, search google and asked some IRC Channels, but I didn't found anything. Thanks. -- Daniel Cristian Cruz $B%/%k%:(B $B%/%j%9%A%"%s(B $B%@%K%(%k(B
Daniel Cristian Cruz wrote:> I had a LDAP tree with this structure: > > dc=base > + ou=unit1 > + ou=People > + ou=Groups > + ou=Computers > + ou=unit2 > + ou=People > + ou=Groups > + ou=Computers > + ou=unit3 > + ou=People > + ou=Groups > + ou=Computers > ... > > And I need people from unit1 logging on unit2, unit3, etcWhat is the purpose of splitting your users/groups/computers into these units? Especially if (as you're inferred from your post) there's no difference in login privileges between units? Daniel
Yes, each unit has it's own PDC, but each one need to authenticate all users from the organization. I think there is no other way than using all users under the same container, but I'm not a Samba+LDAP specialist, maybe I let something out on my readings. Sorry if this message was replicated, some weird things happening through google groups. 2007/10/18, Daniel Cristian Cruz <danielcristian@gmail.com>:> > Hello, all. > > I was wondering if anyone could help me with this configuration: > > I had a LDAP tree with this structure: > > dc=base > + ou=unit1 > + ou=People > + ou=Groups > + ou=Computers > + ou=unit2 > + ou=People > + ou=Groups > + ou=Computers > + ou=unit3 > + ou=People > + ou=Groups > + ou=Computers > ... > > And I need people from unit1 logging on unit2, unit3, etc. > > First thing is to put all users on one SAMBA Domain, but: > > Does Samba support "sub" search for users without PAM? Any workaround? > > Is the only alternative to put everyone in one big group like this: > > dc=base > + ou=People > + ou=Groups > + ou=Computers > > Considering less than 100.000 users (today only 10.000), is it good or > bad? > > I read man pages, search google and asked some IRC Channels, but I > didn't found anything. > > Thanks. > > -- > Daniel Cristian Cruz > $B%/%k%:(B $B%/%j%9%A%"%s(B $B%@%K%(%k(B-- Daniel Cristian Cruz $B%/%k%:(B $B%/%j%9%A%"%s(B $B%@%K%(%k(B
Daniel Cristian Cruz napisa?(a):> On Oct 18, 12:00 pm, Marcin Giedz <gi...@arise.pl> wrote: > >> This might be a need if you have several PDCs (samba domains) running on >> one LDAP server. I've had such structure for several years and it works OK. >> >> M. >> > > Marcin, > > I didn't get what structure you use. Many PDC's with an ou for each, >yes exactly .... Every PDC has his OWN SID that's why I need to split it to different trees in LDAP. Like e.g ou=domain1,dc=xx,dc=x, ou=domain2,dc=xx,dc=x, etc> or all PDC's in the same LDAP People, Group and Machines? >NO! M.> Thank you, > > Daniel Cristian > >-- ARISE M.Giedz, T.?ebru? sp.j. http: www.arise.pl mail: giedz@arise.pl tel: +48 502 537 157
To require what you are doing you will need multiple database definition's
in your slapd.conf each with its own directory, you then can search each base
independently.
You will need to setup interdomain trusts between the pdc's which is
described in the how to's.
Adrian Sender
2007/10/18, Daniel Cristian Cruz :
>
> Hello, all.
>
> I was wondering if anyone could help me with this configuration:
>
> I had a LDAP tree with this structure:
>
> dc=base
> + ou=unit1
> + ou=People
> + ou=Groups
> + ou=Computers
> + ou=unit2
> + ou=People
> + ou=Groups
> + ou=Computers
> + ou=unit3
> + ou=People
> + ou=Groups
> + ou=Computers
> ...
>
> And I need people from unit1 logging on unit2, unit3, etc.
>
> First thing is to put all users on one SAMBA Domain, but:
>
> Does Samba support "sub" search for users without PAM? Any
workaround?
>
> Is the only alternative to put everyone in one big group like this:
>
> dc=base
> + ou=People
> + ou=Groups
> + ou=Computers
>
> Considering less than 100.000 users (today only 10.000), is it good
or
> bad?
>
> I read man pages, search google and asked some IRC Channels, but I
> didn't found anything.
>
> Thanks.
>
> --
> Daniel Cristian Cruz
> $B%/%k%:(B $B%/%j%9%A%"%s(B $B%@%K%(%k(B
_________________________________________________________________
What are you waiting for? Join Lavalife FREE
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%2Eau%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale%3Den%5FAU%26a%3D30288&_t=764581033&_r=email_taglines_Join_free_OCT07&_m=EXT
Apparently Analagous Threads
- Continuous pings going through a full DROP policy
- Skipping lines and incomplete rows
- [LLVMdev] Unexpected behaviour of the LLVM gold plugin with --allow-multiple-definition
- Disabling Auto-complete
- DO NOT REPLY [Bug 3784] New: Showing Progress without being Verbose