Sergey Proskurnya
2003-Nov-10 13:44 UTC
[Samba] Winbind+OpenLDAP: Id mapping data is stored partially
Hello to all,

I have installed Samba 3.0.0 PDC + OpenLDAP 2.1. Additionally, I use "wbinfo -c" to create users and winbindd + libnss_winbind.so to resolve these users in Unix (SID <-> Unix id mapping). But I have found that users' data, created by the "wbinfo -c" command, is not completely stored in the LDAP backend.

The "sambaUnixIdPool" objectclass is stored in LDAP, but "sambaIdmapEntry" is not. Instead, there is a file "/var/locks/winbindd_idmap.tdb", which contains the actual SID<->uid mappings along with users' template information (UNIX user's home, shell, etc.).

The question: how can I get winbindd to store all information in the LDAP backend?

These are the settings related to winbind:

    winbind enable local accounts = yes
    winbind separator=@
    idmap backend = ldap:ldap://localhost:389/
    idmap uid = 20000-30000
    idmap gid = 20000-30000
    winbind enum groups = yes
    winbind enum users = yes
    winbind cache time = 5
    winbind use default domain = yes
    template homedir = /home/%U
    template shell = /bin/false
    template primary group = users

Thanks,
Sergey Proskurnya.
Gerald (Jerry) Carter
2003-Dec-05 16:52 UTC
[Samba] Winbind+OpenLDAP: Id mapping data is stored partially
Sergey Proskurnya wrote:

> Hello to all,
>
> I have installed Samba 3.0.0 PDC + OpenLDAP 2.1.
> Additionally, I use "wbinfo -c" to create users
> and winbindd + libnss_winbind.so to resolve these
> users in Unix (SID <-> Unix id mapping).
> But I have found that users' data, created by the
> "wbinfo -c" command, is not completely stored
> in the LDAP backend.

Correct. This is by design.

> The "sambaUnixIdPool" objectclass is stored in LDAP,
> but "sambaIdmapEntry" is not. Instead, there is
> a file "/var/locks/winbindd_idmap.tdb", which contains
> the actual SID<->uid mappings along with users' template
> information (UNIX user's home, shell, etc.).
>
> The question: how can I get winbindd to store all
> information in the LDAP backend?

You need to define your own add users scripts. This is explained in the WHATSNEW IIRC.

cheers, jerry

----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song" --Switchfoot (2003)