Roger Oberholtzer wrote:
> On Fri, 2009-11-20 at 22:28 +0100, Lars Müller wrote:
>> On Wed, Nov 18, 2009 at 05:09:21PM +0100, Roger Oberholtzer wrote:
>>> We have thousands of users in the Active Directory. I really do not want all of them to have access. In the LDAP entry, there is an OU= field for those I want to be able to log in. Is it possible to limit login to those in some specified OU= ?
>> See the ldap setting examples from the samba-doc package in /usr/share/doc/packages/samba/examples/smb.conf.SUSE
>> Plus the explanations in the smb.conf man page.
> I have now looked here. I am none the wiser.
I didn't notice the original thread.

If you want to limit LDAP authentication to an OU, you need to change ldap.conf and adapt nss_base_* there. (That's the conf file used by pam_ldap.) If all persons are below the OU, that's easy, you need to specify the respective new base DN. If not, you need to specify that as a filter, then it gets a bit more complex, but the commented config clauses in this file should give you a hint.

If you want the other uids to be invisible, you also need to change nss-ldap.conf and change "base *" there.

I don't know enough about your setup to be more specific. I also don't know if that can be done via yast.

Nevertheless, HTH

Joachim

-- 
Joachim Schrod, Email: jschrod@acm.org
Roedermark, Germany
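An added example, not part of the thread or of nss_ldap itself: a small audit helper that reads the `nss_base_<map>` lines discussed above (nss_ldap's `base?scope?filter` syntax) and checks whether a given entry DN falls inside the configured base and scope. The sample config and all DNs are constructed placeholders; DN comparison is simplified and the filter part is parsed but not evaluated.

```python
import re

# Constructed sample ldap.conf; the DNs are placeholders, not from the thread.
SAMPLE_CONF = """\
# comment lines and unrelated keys are ignored
base dc=example,dc=com
scope sub
nss_base_passwd ou=LinuxUsers,dc=example,dc=com?one
nss_base_group  ou=Groups,?sub?(objectClass=group)
"""

def split_dn(dn):
    """Split a DN into lower-cased RDNs on unescaped commas (simplified)."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def parse_nss_bases(conf_text):
    """Return {map: (base_dn, scope, filter_or_None)} from nss_base_<map> lines."""
    glob = {"base": "", "scope": "sub"}
    raw = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in glob:
            glob[key] = value
        elif key.startswith("nss_base_"):
            raw[key[len("nss_base_"):]] = value
    result = {}
    for name, value in raw.items():
        base, scope, flt = (value.split("?", 2) + ["", ""])[:3]
        if base.endswith(","):  # relative base: the global base is appended
            base += glob["base"]
        result[name] = (base, scope or glob["scope"], flt or None)
    return result

def dn_in_scope(entry_dn, base_dn, scope):
    """True if entry_dn lies inside base_dn for scope base/one/sub."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    if len(entry) < len(base) or (base and entry[-len(base):] != base):
        return False
    depth = len(entry) - len(base)
    return {"base": depth == 0, "one": depth == 1, "sub": True}.get(scope, False)

if __name__ == "__main__":
    base, scope, _ = parse_nss_bases(SAMPLE_CONF)["passwd"]
    for dn in ("CN=alice,OU=LinuxUsers,DC=example,DC=com",
               "CN=bob,OU=Sales,DC=example,DC=com"):
        print(dn, "->", "visible" if dn_in_scope(dn, base, scope) else "outside base")
```

With scope `one`, accounts in sub-OUs of the chosen OU are also excluded, which is worth checking before narrowing the base on a production host.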