From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031114 Description of problem: account objectclass's attribute 'host' was used in previous versions of RedHat to allow/deny user access to different hosts on network for users stored in ldap backend. The openldap schemas was changed in 2.1. Objectclass account is STRUCTURAL. sambaSAMaccount objectclass is STRUCTURAL too. So there cannt exist ldap users what can access unix shell and samba service. Leaving host attribute empty and not using account objectclass make result to not be able to select users access to different hosts. To resolve this issue, you need cooperation of PADL.COM and openldap.org. Maybe changing account objectclass to structural will be solution. This is good example of fact how RedHat linux is ready for enterprise market. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: . Additional info:
We can fix it by using ldapns.schema. So I did set #121843 as blocker.
Objectclass sambaSamAccount is AUXILIARY in samba-3.0.9's samba.schema from Fedora Core 3, now. Objectclass account from cosine.schema is not used anymore. Closing this bug as DEFFERED.