Adam Tauno Williams wrote:
Is your Samba server binding as your manager/admin DN? Don't do that, ever. Create a bind context for Samba and use ACLs to give that context the access it requires. I don't know if it will fix Samba +ppolicy but it is the correct thing to do either way.
Correct. As the slapo-ppolicy(5) manpage states, the admin DN bypasses most policy restrictions.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
