Samba, OX, Squid, etc.. with LDAP backend

Etienne Goyer etienne.goyer at outlands.ca
Mon May 28 14:28:09 UTC 2007


ml at bortal.de wrote:
> After checking out the LDAP Directory tree i was wondering what the 
> Organisation Units "DSA" and "ldmap" are good for?

Don't know about ou=DSA, but ou=idmap would be used to keep consistent
id map across several winbind instance (IIRC, I have not done the
Samba/LDAP dance in a while).  If you are not using winbind, and I am
fairly certain you are not, you do not need to worry about that.


> I also had a look at Collax PDC and they even have an additional 
> PosixGroup. Their tree looks like this:
> dc=example,dc=com
> + ou=ABook
> + ou=groups
> + ou=Infrastructure
> + ou=people
> + ou=posixgroups
> + sambaDomainName=MyDomain
> 
> Any idea why they have "groups" and "posixgroups"?

No idea, but I think that is fairly brain-dead.  IMHO, it is best to
have a DIT that is as flat as possible, given replication and
application constraints.  There is no point in sorting posixGroup and
other groups in different OU; if you need just the posixGroups, use an
an appropriate filter in your search instead of insisting on a different
search base.  But that's just me, opinions differ on the subject.


-- 
Etienne Goyer                                       0x3106BCC2

"For Bruce Schneier, SHA-1 is merely a compression algorithm."
http://geekz.co.uk/schneierfacts/fact/164

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20070528/ed553bc6/attachment.pgp>


More information about the ubuntu-server mailing list