On Friday, 26 March 2010 11:27:28 Götz Reinicke - IT-Koordinator wrote:
Buchan Milne schrieb:
For the rgc2307 vs rfc2307bis group issue, I don't think samba supports rfc2307bis, so you should go with rfc2307 (using memberUid for denoting members of groups, holding the username, not the DN).
"The nss_ldap library from PADL software (http://www.padl.com) supports this by enabling the library’s RFC2307bis extensions (pass the --enable-rfc2307bis option to the nss_ldap configure script when compiling) ..."
And http://www.padl.com/OSS/nss_ldap.html mentions also Support for the RFC 2307/RFC 2307bis.
Or do I get something wrong?
nss_ldap supports rfc2307bis, but samba does not (AFAIK). If you are using Samba as a Domain Controller, the groups visible on windows clients (for local ACLs on windows computers, rights etc.) will not align with your unix groups if you use rfc2307bis.
Regards, Buchan