[samba-jp:19917] Re: sambaからLDAP内ユーザ情報を検索する際の検索ベース

[YAMASAKI Hiroyuki]

山崎と申します。

>現象: LDAP連携を行なう場合、ユーザ情報を検索するときには、
>      ldap suffix の値を使い、 ldap user suffix を使わない。
>      グループ情報を検索するときには ldap group suffix を使う。

上記の件と関連するのかどうかわかりませんが、以下のメールの★あたりで
「新しいオブジェクトを作るときだけldap xx suffixを使い、サーチ
するときには常にldap suffixを使う」と言っているように見えます。

===============================================================
From:     Volker.Lendecke at SerNet.DE (Volker Lendecke)
Date:     Sat Oct 14 08:07:16 2006
Subject:  [Samba] smb.conf ignores "ldap user suffix"

On Fri, Oct 13, 2006 at 02:30:23PM -0700, Tri Tu wrote:
> Seems like there is a bug in samba configuration with the version 3.0.22 
> or later that it doesn't read the configuration variable within the 
> smb.conf for ldap settings
> 
> ldap user suffix =

We are not consistent here, true. In what sense does it
really cause a problem for you instead of being a bit
inconvenent in the log file?

★My general idea with the ldap_xx_suffix parameters would in
general be to use them only when we create new objects and
when searching do subtree level searches starting from 'ldap
suffix' always. The inconsistent search behaviour has caused
quite a number of bugs already, in particular with idmap and
group mapping.

So would anybody object if we changed the use of the
ldap_xx_suffix parameters to be only used when creating
objects?

Thanks,

Volker
===============================================================