Thorsten Scherf wrote:
On Wed, 06.10.2004 Igor Belyi wrote:
Thorsten Scherf wrote:
hi,
I set up a winbindd with a ldap backend, here is the relevant part of my smb.conf:
idmap backend = ldap:ldap://mail.rhel.homelinux.com ldap admin dn = cn=winbind,dc=example,dc=com ldap suffix = dc=example,dc=com ldap idmap suffix = ou=idmap
On the ldap server I set up the ou=idmap and also permissions for cn=winbind to write into the ou=idmap:
access to dn="(.),ou=idmap,dc=example,dc=com"
by dn="cn=winbind,dc=example,dc=com"
by * read
Did you try to change your 'what' part of the access to:
dn.subtree="ou=idmap,dc=example,dc=com"
this works fine.
but what is the difference to "dn=(.*),ou=idmap,dc=example,dc=com"?
with my understanding of the ldap-access rules it should just be a performance issue, souldn't it?!
I think the difference is that you forgot to add '.regexp' to your access statement. It should have been:
dn.regexp="(.*),ou=idmap,dc=example,dc=com"
otherwise it was matching dn as it is without applying regular expression rules.
Hope it helps, Igor
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
