Re: Where to start a migration from passwd/shadow/smbpasswd to openldap

[Buchan Milne <bgmilne@staff.telkomsa.net>]

On Friday, 26 March 2010 11:27:28 Götz Reinicke - IT-Koordinator wrote:
> Buchan Milne schrieb:

>> For the rgc2307 vs rfc2307bis group issue, I don't think samba
> > supports rfc2307bis, so you should go with rfc2307 (using memberUid for
> > denoting members of groups, holding the username, not the DN).


> "The nss_ldap library from PADL software (http://www.padl.com) supports
> this by enabling the library’s RFC2307bis extensions (pass the
> --enable-rfc2307bis option to the nss_ldap configure script when
> compiling) ..."
> 
> 
> And http://www.padl.com/OSS/nss_ldap.html mentions also Support for the
> RFC 2307/RFC 2307bis.
> 
> Or do I get something wrong?

nss_ldap supports rfc2307bis, but samba does not (AFAIK). If you are using 
Samba as a Domain Controller, the groups visible on windows clients (for local 
ACLs on windows computers, rights etc.) will not align with your unix groups 
if you use rfc2307bis.

Regards,
Buchan