On Tue, 11 Jun 2024 17:02:58 +0100 Luis Peromarta via samba <samba at lists.samba.org> wrote:> In what scenario should I use idmap_ldb:use rfc2307 = yes ? For what > purpose ?Good question. The only real use could be if you are adding rfc2307 attributes to AD AND using the DC as a fileserver (not recommended) AND also running Unix domain members using the 'ad' idmap backend. Even then, I am not convinced.> > I don?t see any use for it then.I am beginning to think the same. Rowland
Me neither. AND only if you need to sync files from a DC to a member server or viceversa, so uids and gids match. Otherwise I?d say no use. Why idmap_ldb:use rfc2307 = yes? by default then??when provisioning with rfc2307 ? We are giving instructions to new users how to set up AD idmapping and it is so very complicated because of this, the documentation is confusing at times. If using AD idmap , give gidNumbers, but not to ?Domain Admins?, create an extra group ?Unix Admins?, don?t use this here, don?t use that there. For a newbie I believe it is too complex.??Things would be much easier with a ?idmap_ldb:use rfc2307 = no? in a DC. Wouldn?t it ? LP On Jun 11, 2024 at 17:12 +0100, samba at lists.samba.org <samba at lists.samba.org>, wrote:> > I am not convinced.
On 12/06/24 04:12, Rowland Penny via samba wrote:> On Tue, 11 Jun 2024 17:02:58 +0100 > Luis Peromarta via samba <samba at lists.samba.org> wrote: > >> In what scenario should I use idmap_ldb:use rfc2307 = yes ? For what >> purpose ? > > Good question. The only real use could be if you are adding rfc2307 > attributes to AD AND using the DC as a fileserver (not recommended) AND > also running Unix domain members using the 'ad' idmap backend. Even > then, I am not convinced. > >> >> I don?t see any use for it then. > > I am beginning to think the same.I see https://bugzilla.samba.org/show_bug.cgi?id=9840 ('"idmap_ldb:use rfc2307" is undocumented') is ready for anyone who wants to fix a bug! Douglas