On Friday, 26 March 2010 14:29:04, Buchan Milne wrote:
On Friday, 26 March 2010 11:27:28 Götz Reinicke - IT-Koordinator wrote:
Buchan Milne wrote:
For the rfc2307 vs rfc2307bis group issue, I don't think samba supports rfc2307bis, so you should go with rfc2307 (using memberUid for denoting members of groups, holding the username, not the DN).
"The nss_ldap library from PADL software (http://www.padl.com) supports this by enabling the library’s RFC2307bis extensions (pass the --enable-rfc2307bis option to the nss_ldap configure script when compiling) ..."
And http://www.padl.com/OSS/nss_ldap.html also mentions support for RFC 2307/RFC 2307bis.
Or do I get something wrong?
nss_ldap supports rfc2307bis, but samba does not (AFAIK). If you are using Samba as a Domain Controller, the groups visible on Windows clients (for local ACLs on Windows computers, rights etc.) will not align with your unix groups.
IIRC that depends on the samba configuration. I.e. if you have ldapsam:trusted=yes in smb.conf your statement is true. But the default for ldapsam:trusted is "no" (at least according to the smb.conf man-page) and then samba will use the NSS Subsystem (and through that nss_ldap, if configured) to access user and group information. So unless you use ldapsam:trusted=yes, the rfc2307bis is usable with Samba as well.
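An added example, not part of the thread: a small audit that compares the two group views discussed above, rfc2307 `memberUid` (usernames) and rfc2307bis `member` (DNs), and reports groups where a consumer reading one attribute would see different members than a consumer reading the other. The directory contents, the `dc=example,dc=org` suffix and all function names are constructed for illustration, and DN normalisation is simplified (no escaped commas).

```python
# Constructed sample directory (DN -> attributes); not real data.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=org": {"uid": ["alice"]},
    "uid=bob,ou=people,dc=example,dc=org": {"uid": ["bob"]},
    "cn=devs,ou=groups,dc=example,dc=org": {      # both views agree
        "cn": ["devs"], "memberUid": ["alice"],
        "member": ["uid=alice,ou=people,dc=example,dc=org"]},
    "cn=staff,ou=groups,dc=example,dc=org": {     # bob only listed by DN
        "cn": ["staff"], "memberUid": ["alice"],
        "member": ["uid=alice,ou=people,dc=example,dc=org",
                   "UID=Bob, OU=People, dc=example,dc=org"]},
    "cn=admins,ou=groups,dc=example,dc=org": {    # DN points at no entry
        "cn": ["admins"], "memberUid": ["carol"],
        "member": ["uid=carol,ou=people,dc=example,dc=org"]},
}

def norm_dn(dn):
    """Simplified DN normalisation: case-fold, trim spaces around RDNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def members_rfc2307(entry):
    """rfc2307 view: memberUid values are the usernames themselves."""
    return set(entry.get("memberUid", []))

def members_rfc2307bis(entry, by_dn):
    """rfc2307bis view: resolve each member DN to the uid of its entry."""
    names, dangling = set(), set()
    for dn in entry.get("member", []):
        target = by_dn.get(norm_dn(dn))
        if target and target.get("uid"):
            names.add(target["uid"][0])
        else:
            dangling.add(dn)  # DN with no matching user entry
    return names, dangling

def audit_groups(directory):
    """Return {group cn: differences} for groups whose two views disagree."""
    by_dn = {norm_dn(dn): attrs for dn, attrs in directory.items()}
    findings = {}
    for attrs in directory.values():
        if "memberUid" not in attrs and "member" not in attrs:
            continue  # not a group entry
        by_name = members_rfc2307(attrs)
        by_ref, dangling = members_rfc2307bis(attrs, by_dn)
        if by_name != by_ref or dangling:
            findings[attrs["cn"][0]] = {
                "only_memberUid": sorted(by_name - by_ref),
                "only_member": sorted(by_ref - by_name),
                "dangling": sorted(dangling)}
    return findings
```

Any group this reports is one where file ACLs or rights evaluated through one membership view can differ from those evaluated through the other.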