
Re: Heimdal/OpenLDAP/Samba howto and bugreport



On Fri, 4 Jun 2004, Gémes Géza wrote:
> What if users are in multiple organizational units: ou=Teachers,
> ou=Students, etc.
> I'm quite sceptical about the fact that we could successfully implement
> hdb-ldap on this setup :-(
> What could be important for the future (Samba4=ADServer): this will make
> it problematic to have a separate ou=Hosts, ou=Computers, or
> cn=Computers container.

The sasl-regexp does a first match on multiple entries, so you would need some
sort of distinguished method of naming principals - maybe put teachers into
a separate realm, use host/<hostname> for computer containers, etc.

sasl-regexp host/(.+),cn=GSSAPI,cn=auth
	dc=$1,ou=Hosts,o=bf
sasl-regexp uid=(.+),cn=STAFF.YOUR.REALM,cn=GSSAPI,cn=auth
	uid=$1,ou=Teachers,o=bf
...students, etc...
sasl-regexp uid=(.+),cn=GSSAPI,cn=auth
	uid=$1,ou=People,o=bf

--
Christopher Maxwell
christopher@themanor.net
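
Added example (not part of the original message): a small Python model of the first-match behaviour described above, run over the three rules as posted and over the same rules with the catch-all moved first. The sample SASL DNs are constructed, and the unanchored, case-insensitive matching is an assumption about how slapd applies the patterns.

```python
import re

# Rules from the message, in the order given (the elided student rules are omitted).
RULES = [
    (r"host/(.+),cn=GSSAPI,cn=auth", "dc=$1,ou=Hosts,o=bf"),
    (r"uid=(.+),cn=STAFF.YOUR.REALM,cn=GSSAPI,cn=auth", "uid=$1,ou=Teachers,o=bf"),
    (r"uid=(.+),cn=GSSAPI,cn=auth", "uid=$1,ou=People,o=bf"),
]
# Same rules with the catch-all moved to the top, to show why order matters.
GENERIC_FIRST = [RULES[2], RULES[0], RULES[1]]

# Constructed SASL authentication DNs
# (assumed form: uid=<principal>[,cn=<realm>],cn=gssapi,cn=auth).
SAMPLES = [
    "uid=host/pc01.bf,cn=gssapi,cn=auth",
    "uid=anna,cn=staff.your.realm,cn=gssapi,cn=auth",
    "uid=bela,cn=gssapi,cn=auth",
]

def map_sasl_dn(sasl_dn, rules=RULES):
    """Return (rule_index, mapped_dn) for the first rule that matches, else None."""
    for index, (pattern, template) in enumerate(rules):
        # Assumption: patterns are matched unanchored and case-insensitively.
        match = re.search(pattern, sasl_dn, re.IGNORECASE)
        if match:
            mapped = re.sub(r"\$(\d)",
                            lambda ref: match.group(int(ref.group(1))), template)
            return index, mapped
    return None

def shadowed(rules, samples):
    """Indices of rules that match some sample but never win the first match."""
    result = []
    for index, (pattern, _) in enumerate(rules):
        hits = [s for s in samples if re.search(pattern, s, re.IGNORECASE)]
        if hits and all(map_sasl_dn(s, rules)[0] != index for s in hits):
            result.append(index)
    return result

if __name__ == "__main__":
    for label, rules in (("as posted", RULES), ("catch-all first", GENERIC_FIRST)):
        print(label)
        for dn in SAMPLES:
            print("  ", dn, "->", map_sasl_dn(dn, rules))
        print("   shadowed rule indices:", shadowed(rules, SAMPLES))
```

With the catch-all first, the greedy `(.+)` also swallows the realm component, so the staff principal is mapped to an entry under ou=People whose uid contains `,cn=staff.your.realm`.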