[EMAIL PROTECTED] wrote: > After checking out the LDAP Directory tree i was wondering what the > Organisation Units "DSA" and "ldmap" are good for?
Don't know about ou=DSA, but ou=idmap would be used to keep consistent id map across several winbind instance (IIRC, I have not done the Samba/LDAP dance in a while). If you are not using winbind, and I am fairly certain you are not, you do not need to worry about that. > I also had a look at Collax PDC and they even have an additional > PosixGroup. Their tree looks like this: > dc=example,dc=com > + ou=ABook > + ou=groups > + ou=Infrastructure > + ou=people > + ou=posixgroups > + sambaDomainName=MyDomain > > Any idea why they have "groups" and "posixgroups"? No idea, but I think that is fairly brain-dead. IMHO, it is best to have a DIT that is as flat as possible, given replication and application constraints. There is no point in sorting posixGroup and other groups in different OU; if you need just the posixGroups, use an an appropriate filter in your search instead of insisting on a different search base. But that's just me, opinions differ on the subject. -- Etienne Goyer 0x3106BCC2 "For Bruce Schneier, SHA-1 is merely a compression algorithm." http://geekz.co.uk/schneierfacts/fact/164
signature.asc
Description: OpenPGP digital signature
-- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
