Hi,

We have just managed to get winbind behaving correctly in a Samba domain with Samba member servers with help from Sernet. It is now not adding spurious entries for the "own domain".

However, a member server keeps trying to add group mappings that already exist in the LDAP idmap ou. This would not be a problem, apart from the fact that every time it fails adding an entry, the "gidnumber" attribute in the idmap ou (that determines the next available gid number) is incremented. Thus, in a short while, it hits 20000 which is the upper limit. I also don't know why it tries to add a mapping if one already exists!

Here are logs from the DMS:

[2011/01/17 10:13:50.303702, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/01/17 10:13:50.303749, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/01/17 10:13:50.303768, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/01/17 10:13:50.303783, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/01/17 10:13:50.312693, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-21-8015792-1768810241-176008768-513 to 12350 mapping [gidNumber]
[2011/01/17 10:13:50.312747, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:13:50.318187, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/01/17 10:13:50.318225, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/01/17 10:13:50.318245, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/01/17 10:13:50.318263, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/01/17 10:13:50.329100, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12351 mapping [gidNumber]
[2011/01/17 10:13:50.329152, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:16:01.024241, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/01/17 10:16:01.024285, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/01/17 10:16:01.024302, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/01/17 10:16:01.024317, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/01/17 10:16:01.033804, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-21-8015792-1768810241-176008768-513 to 12352 mapping [gidNumber]
[2011/01/17 10:16:01.033847, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:16:01.035771, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/01/17 10:16:01.035807, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/01/17 10:16:01.035832, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/01/17 10:16:01.035855, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/01/17 10:16:01.043636, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12353 mapping [gidNumber]
[2011/01/17 10:16:01.043675, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:18:15.019605, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/01/17 10:18:15.019664, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/01/17 10:18:15.019682, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/01/17 10:18:15.019697, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/01/17 10:18:17.207189, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-21-8015792-1768810241-176008768-513 to 12354 mapping [gidNumber]
[2011/01/17 10:18:17.207235, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:18:17.208951, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/01/17 10:18:17.208978, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/01/17 10:18:17.208994, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/01/17 10:18:17.209009, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/01/17 10:18:17.216845, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12355 mapping [gidNumber]
[2011/01/17 10:18:17.216874, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:20:34.446465, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/01/17 10:20:34.446506, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/01/17 10:20:34.446522, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/01/17 10:20:34.446537, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/01/17 10:20:36.631996, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-21-8015792-1768810241-176008768-513 to 12356 mapping [gidNumber]
[2011/01/17 10:20:36.632037, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:20:36.637324, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/01/17 10:20:36.637353, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/01/17 10:20:36.637370, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/01/17 10:20:36.637385, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/01/17 10:20:36.646479, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12357 mapping [gidNumber]
[2011/01/17 10:20:36.646524, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:22:36.726247, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/01/17 10:22:36.726286, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/01/17 10:22:36.726305, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/01/17 10:22:36.726320, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/01/17 10:22:36.764044, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-21-8015792-1768810241-176008768-513 to 12358 mapping [gidNumber]
[2011/01/17 10:22:36.764087, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:22:36.765893, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/01/17 10:22:36.765929, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/01/17 10:22:36.765982, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/01/17 10:22:36.766008, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/01/17 10:22:36.774857, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12359 mapping [gidNumber]
[2011/01/17 10:22:36.774896, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:24:41.446106, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/01/17 10:24:41.446146, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/01/17 10:24:41.446163, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/01/17 10:24:41.446178, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/01/17 10:24:41.454458, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-21-8015792-1768810241-176008768-513 to 12360 mapping [gidNumber]
[2011/01/17 10:24:41.454502, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:24:41.456096, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/01/17 10:24:41.456132, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/01/17 10:24:41.456158, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/01/17 10:24:41.456181, 0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/01/17 10:24:41.467068, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12361 mapping [gidNumber]
[2011/01/17 10:24:41.467107, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)

Here is the relevant part of the DMS smb.conf:

idmap backend = ldap:ldap://pdc
idmap uid = 10000-20000
idmap gid = 10000-20000
ldap admin dn = cn=manager,dc=my,dc=net
ldap suffix = dc=ifa,dc=net
ldap idmap suffix = ou=Idmap

# the own domain, users come via nss_ldap:
idmap config MY_NET : backend = nss
idmap config MY_NET : range = 500-9999

winbind nested groups = yes
winbind use default domain = yes
winbind enum users = no
winbind enum groups = no
allow trusted domains = yes

and on the pdc:

ldap suffix = dc=my,dc=net
ldap machine suffix = ou=Computers,ou=Accounts
ldap user suffix = ou=People,ou=Accounts
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap

idmap backend = ldap:ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind nested groups = yes
winbind trusted domains only = yes
winbind use default domain = no
winbind enum users = yes
winbind enum groups = yes
allow trusted domains = yes

Any help to resolve this issue would be gratefully received.

Thanks

Alex

--
This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 3727592)
Authorised and regulated by the Financial Services Authority (entered on the FSA Register; number: 190856)
Apologies, typo in the below corrected (was trying to hide the real ldap suffix in my post and failed!):

> Here is the relevant part of the DMS smb.conf:
>
> idmap backend = ldap:ldap://pdc
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> ldap admin dn = cn=manager,dc=my,dc=net
> ldap suffix = dc=my,dc=net
> ldap idmap suffix = ou=Idmap
>
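Added example, not part of the original thread and not Samba code: a Python check for the failure described in the first message, where every "Failed to add ... (Already exists)" pair still advances the gidNumber counter. It parses winbindd entries in the format quoted there and projects when the top of the "idmap gid" range (20000 in the posted smb.conf) would be reached; the function names and the linear projection are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the first four failure pairs from the log quoted in the
# thread, two lines per entry ("already registered" noise left out).
SAMPLE_LOG = """\
[2011/01/17 10:13:50.312693, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-21-8015792-1768810241-176008768-513 to 12350 mapping [gidNumber]
[2011/01/17 10:13:50.312747, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:13:50.329100, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12351 mapping [gidNumber]
[2011/01/17 10:13:50.329152, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:16:01.033804, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-21-8015792-1768810241-176008768-513 to 12352 mapping [gidNumber]
[2011/01/17 10:16:01.033847, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
[2011/01/17 10:16:01.043636, 0] winbindd/idmap_ldap.c:1471(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Failed to add S-1-5-32-546 to 12353 mapping [gidNumber]
[2011/01/17 10:16:01.043675, 0] winbindd/idmap_ldap.c:1473(idmap_ldap_set_mapping)
  ldap_set_mapping_internals: Error was: (Already exists)
"""

# One entry = "[timestamp, level] file:line(function)" plus the message that
# follows, up to the next timestamp header. "[gidNumber]" is not a header.
ENTRY_RE = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*\d+\]\s+\S+\(\w+\)\s+"
    r"(.*?)(?=\[\d{4}/\d{2}/\d{2} |\Z)",
    re.S,
)
FAIL_RE = re.compile(
    r"Failed to add (S-[\d-]+) to (\d+) mapping \[(uidNumber|gidNumber)\]"
)


def parse_entries(text):
    """Yield (timestamp, message); works on two-line or flattened logs."""
    for ts, msg in ENTRY_RE.findall(text):
        yield datetime.strptime(ts, "%Y/%m/%d %H:%M:%S.%f"), " ".join(msg.split())


def wasted_allocations(text):
    """Failed adds whose very next entry is the 'Already exists' error."""
    wasted, pending = [], None
    for ts, msg in parse_entries(text):
        match = FAIL_RE.search(msg)
        if match:
            pending = (ts, match.group(1), int(match.group(2)), match.group(3))
        elif pending and "Error was: (Already exists)" in msg:
            wasted.append(pending)
            pending = None
        else:
            pending = None
    return wasted


def exhaustion_report(text, range_high):
    """Summarise wasted IDs and project when range_high is reached."""
    events = wasted_allocations(text)
    if not events:
        return None
    first, last = events[0], events[-1]
    elapsed = (last[0] - first[0]).total_seconds()
    # Use how far the counter moved, not the number of failures seen here:
    # other hosts sharing the same LDAP counter advance it too.
    advanced = last[2] - first[2]
    rate = advanced / elapsed * 3600 if elapsed > 0 and advanced > 0 else None
    return {
        "wasted": len(events),
        "per_sid": Counter(sid for _, sid, _, _ in events),
        "first_id": first[2],
        "last_id": last[2],
        "ids_per_hour": rate,
        "hours_left": (range_high - last[2]) / rate if rate else None,
    }


if __name__ == "__main__":
    # 20000 is the top of "idmap gid = 10000-20000" in the posted smb.conf.
    for key, value in exhaustion_report(SAMPLE_LOG, range_high=20000).items():
        print(f"{key}: {value}")
```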
Gaiseric Vandal
2011-Jan-17 16:33 UTC
[Samba] Winbind uselessly using up Idmap range in ldap
I started on samba 3.0.x and upgraded to 3.4.x. Still having only partial success myself. I have different "ou" objects in ldap for the allocation range and each trusted domain.

My smb.conf (edited somewhat) is below.

I would that the idmapping would be created in the correct OU for each domain. I also found that the idmap id would be allocated from the "idmap alloc config" range, regardless of the range specified for the particular domain. So an idmap entry would be created for the TRUSTEDDOMAIN1 in the ou=trusteddomain container but with a UID in the 30000 range not the 40000 range.

Not sure if this provides any insight.

------------------------------------------------------------------------

#IDMAP DEFAULT SETTINGS
idmap backend=ldap:ldap://ldap1.mydomain.com
idmap uid = 70000-79999
idmap gid = 70000-79999

#IDMAP ALLOC SETTINGS
idmap alloc backend = ldap
idmap alloc config:ldap_url = ldap://ldap1.mydomain.com
idmap alloc config:ldap_base_dn = ou=alloc,ou=idmap,o=mydomain.com
idmap alloc config:ldap_user_dn = cn=xxxxx
idmap alloc config:range = 30000 - 79999

#IDMAP SETTINGS FOR TRUSTEDDOMAIN1
idmap config TRUSTEDDOMAIN1:backend = ldap
idmap config TRUSTEDDOMAIN1:readonly = no
idmap config TRUSTEDDOMAIN1:default=no
idmap config TRUSTEDDOMAIN1:ldap_base_dn = ou=trusteddomain1,ou=idmap,o=mydomain.com
idmap config TRUSTEDDOMAIN1:ldap_user_dn = cn=xxxxx
idmap config TRUSTEDDOMAIN1:ldap_url = ldap://ldap1.mydomain.com
idmap config TRUSTEDDOMAIN1:range = 40000-49999

On 01/17/2011 05:27 AM, Alex Crow wrote:
> Hi,
>
> We have just managed to get winbind behaving correctly in a Samba
> domain with Samba member servers with help from Sernet. It is now not
> adding spurious entries for the "own domain".
>
> However, a member server keeps trying to add group mappings that
> already exist in the LDAP idmap ou.
On 17/01/11 16:33, Gaiseric Vandal wrote:
> I started on samba 3.0.x and upgraded to 3.4.x. Still having only
> partial success myself. I have different "ou" objects in ldap for
> the allocation range and each trusted domain.
>
> My smb.conf (edited somewhat) is below.
>
> I would that the idmapping would be created in the correct OU for each
> domain. I also found that the idmap id would be allocated from the
> "idmap alloc config" range, regardless of the range specified for the
> particular domain. So an idmap entry would be created for the
> TRUSTEDDOMAIN1 in the ou=trusteddomain container but with a UID in the
> 30000 range not the 40000 range.
>
> Not sure if this provides any insight.
>

Hi,

This is what sernet told me:

I had a lengthy discussion with the developer, who did (actually still does) the rewrite of the idmap code for 3.6 which is urgently needed. It turns out that there are many more limitations in the current code base than I thought. Actually allocation can only be done by a single idmap backend and that is the default backend.

So, it seems that idmap alloc backend cannot be used any more. I am using the default backend as suggested here.

Thanks

Alex