hi,

can somebody explain how the idmap backend with ldap works exactly? sorry for the stupid questions, but the docu is not clear to me.

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2588292

i understand the idmap topic/difficulty and why i need this, but how does the ldap get filled with idmap entries? automatically/dynamically if winbind is running? or manually/statically if the user created maybe "readonly"? or do i have to take care of it myself?

because if i add

    idmap backend = ldap:ldap://ldap1.foo.bla
    ldap idmap suffix = ou=idmap
    idmap uid = 10000-30000
    idmap gid = 10000-30000

on the DC, nothing happens. the ou is still empty and the ldap log shows something like

    .......conn=41240 op=36 SRCH base="ou=idmap,...,dc=org" scope=1 filter="(objectClass=*)"

we have 3 samba domains with trusts over vpn, no problem, but now i want to add a samba domain member server. i only got the server running with nss/ldap only. all my unix accounts are in ldap, groups too.

is it right that i need the ldap entry in the nsswitch.conf too and not only "passwd: files winbind"? i guess, but winbind always reports "group xy not found" if i connect to a share on the domain member server.

is it possible to get idmap example configurations (smb.conf), one for the samba DC with ldapsam and one for a samba domain member?

if i need to add the entry manually, can somebody explain the following objectclasses, maybe with an ldif-file (sambaIdmapEntry and sambaUnixIdPool are clear, i guess):

    objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
        DESC 'Structural Class for a SID'
        MUST ( sambaSID ) )

    objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
        DESC 'Samba Configuration Section'
        MAY ( description ) )

    objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
        DESC 'Samba Share Section'
        MUST ( sambaShareName )
        MAY ( description ) )

    objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
        DESC 'Samba Configuration Option'
        MUST ( sambaOptionName )
        MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $
              sambaStringListoption $ description ) )

    objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
        DESC 'Samba Privilege'
        MUST ( sambaSID )
        MAY ( sambaPrivilegeList ) )

because i need this for our free web based tool, which manages the whole network (www.ideaweb.de/netmc.php)

and now my last question: is it possible to set up a network with the following conditions if the idmap tables are on ldap:

the samba DC can always establish a connection to the ldap, all clients and to the samba domain member (additional fileserver). the clients can reach both servers (dc and fileserver), but the fileserver can not establish a connection to the pdc through the firewall or to all clients, only to the ldap.

we want a fileserver with webdav/modperl (webdrive) to access the samba files, located in an unsafe network (dmz).

many thanks for helping,
thomas

sorry for my english =)