Thank you for your reply Bill.
This module doesn't seem to be implemented in the OpenLDAP 2.2 release and I
can't modify our existing LDAP database. But I'll think of it if we
decide to change the OpenLDAP release.
What I would like to know is if it's possible to redefine the 'ldap
filter' parameter in another place than in the smb.conf file?
Thanks
Norbert
William Jojo wrote:
----- Original Message -----
From: "Norbert Gomes" <[EMAIL PROTECTED]>
To: "samba" <[email protected]>
Sent: Wednesday, February 08, 2006 5:46 AM
Subject: [Samba] ldap authentication without 'ldap filter' parameter
Hello
I'm trying to update samba from 3.0.11 to 3.0.21 and I noticed that the
'ldap filter' parameter has been removed.
After some search, I read that I have to configure nss_ldap. But I don't
know how to configure it properly to operate with our LDAP database.
Let me explain:
We used the 'ldap filter' parameter like this:
ldap filter = (&(iufmLogin=%u)(gecos=#*))
Well, I understand your position. Tree management can be tough.
What you could look at if you are using OpenLDAP is:
http://www.openldap.org/software/man.cgi?query=slapo-rwm&sektion=5&apropos=0&manpath=OpenLDAP+2.3-Release
This is the rewrite module. It allows you to remap attributes and create
conditional changes to client searches and server replies. It works for
updates as well, so it's not just smoke and mirrors. This *might* help you
out of your jam.
I looked at this for our installation (we have a single tree that's used
among several DC's with trusts), but with the impending changes for
enumerating group RIDs, our own use of group mappings, future AD (read Samba
4) implementation and other political considerations, I've decided to script
a tree transform instead.
Cheers,
Bill
Our authentication is based on the 'iufmLogin' attribute (we cannot use
the 'uid' attribute) and the gecos has to start with the '#' character
for the user to be authenticated.
But my problem is that I can't configure the /etc/ldap.conf file to use
these filters.
I tried to put this in the /etc/ldap.conf file:
pam_filter iufmLogin=%s
pam_login_attribute iufmLogin
But the system seems to ignore these filters and it only uses the 'uid'
attribute when I try the 'getent passwd' command.
Can someone explain to me how to do this correctly?
Thanks
Norbert Gomes
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba