Re: Heimdal/OpenLDAP/Samba howto and bugreport
Christopher wrote:
>On Fri, 4 Jun 2004, Gémes Géza wrote:
>
>
>>What if users are in multiple organizational units: ou=Teachers,
>>ou=Students, etc..
>>I'm quite sceptical about the fact that we could successfully implement
>>hdb-ldap on this setup :-(
>>What could be important for the future (Samba4=ADServer) this will make
>>it problematic, to have a separate ou=Hosts, ou=Computers, or
>>cn=Computers container.
>>
>>
>
>The sasl-regexp does a first match on multiple entries, so you would need some
>sort of distinguished method of naming principals - maybe put teachers into
>a separate realm, use host/<hostname> for computer containers, etc.
>
>sasl-regexp host/(.+),cn=GSSAPI,cn=auth
> dc=$1,ou=Hosts,o=bf
>sasl-regexp uid=(.+),cn=STAFF.YOUR.REALM,cn=GSSAPI,cn=auth
> uid=$1,ou=Teachers,o=bf
>...students, etc...
>sasl-regexp uid=(.+),cn=GSSAPI,cn=auth
> uid=$1,ou=People,o=bf
>
>--
>Christopher Maxwell
>christopher@themanor.net
>
>
>
Could it also be
sasl-regexp teachers/(.+),cn=GSSAPI,cn=auth
dc=$1,ou=Teachers,dc=something
sasl-regexp students/(.+),cn=GSSAPI,cn=auth
dc=$1,ou=Students,dc=something
? Or will it break some functionality (Cyrus SASL, OpenSSH Kerberos
support, etc.)?
Thanks
Geza
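
Added example, not part of either message above: a small Python model of the first-match behaviour Christopher describes, run over his three sasl-regexp rules to show why the catch-all rule has to come last. The sample authentication DNs are constructed, and the unanchored, case-insensitive matching is an assumption about how slapd applies the patterns.

```python
import re

# Rules copied from the quoted message, in the order given there.
RULES = [
    (r"host/(.+),cn=GSSAPI,cn=auth", "dc=$1,ou=Hosts,o=bf"),
    (r"uid=(.+),cn=STAFF.YOUR.REALM,cn=GSSAPI,cn=auth", "uid=$1,ou=Teachers,o=bf"),
    (r"uid=(.+),cn=GSSAPI,cn=auth", "uid=$1,ou=People,o=bf"),
]

# Same rules with the catch-all moved to the front, to show the ordering hazard.
CATCH_ALL_FIRST = [RULES[2], RULES[0], RULES[1]]


def map_sasl_dn(authc_dn, rules=RULES):
    """Return the rewritten DN from the first rule that matches, else None."""
    for pattern, template in rules:
        # Assumption: unanchored, case-insensitive match (POSIX regexec style).
        m = re.search(pattern, authc_dn, re.IGNORECASE)
        if m:
            # Expand $1..$9 in the replacement from the captured groups.
            return re.sub(r"\$(\d)", lambda d: m.group(int(d.group(1))), template)
    return None


# Constructed SASL authentication DNs (not taken from the thread).
SAMPLES = [
    "uid=host/pc01.example.org,cn=gssapi,cn=auth",
    "uid=anna,cn=staff.your.realm,cn=gssapi,cn=auth",
    "uid=bela,cn=gssapi,cn=auth",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print("as posted      :", dn, "->", map_sasl_dn(dn))
        # With the catch-all first, (.+) swallows the realm component and
        # every principal is mapped under ou=People.
        print("catch-all first:", dn, "->", map_sasl_dn(dn, CATCH_ALL_FIRST))
```

Because `(.+)` also matches commas, the generic rule accepts realm-qualified and host DNs too; only the ordering keeps them out of ou=People.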