Bernd Waldboth
2003-Nov-06 21:55 UTC
[Samba] Winbind + LDAP Idmap backend finally running!
After many hours of trial and error I finally managed to get my Winbind server with Ldap Idmap backend up and running. I even had to go through parts of the sources but finally I found out what the reason was why my LDAP db never was updated.

The problem was that at some point the uid/gid to sid mapping function referred to the "ldap idmap suffix" and at other times to "ldap group suffix" entries in the smb.conf (the exact name of the function is ldap_get_id_from_sid).

The solution was to point both "ldap idmap suffix" and "ldap group suffix" (and to be sure also "ldap user suffix" and "ldap machine suffix") in the smb.conf to the desired idmap ou. I don't know if this was the desired behavior or not.

Another thing I found out was that I had to remove the "ldap suffix" entry.

I hope I could help someone with the same problem.

sugo
Gerald (Jerry) Carter
2003-Nov-06 22:03 UTC
[Samba] Winbind + LDAP Idmap backend finally running!
Bernd Waldboth wrote:

| After many hours of trial and error I finally managed to get my Winbind
| server with Ldap Idmap backend up and running. I even had to go through
| parts of the sources but finally I found out what the reason was why my
| LDAP db never was updated.
|
| The problem was that at some point the uid/gid to sid mapping function
| referred to the "ldap idmap suffix" and at other times to "ldap group
| suffix" entries in the smb.conf (the exact name of the function is
| ldap_get_id_from_sid).
|
| The solution was to point both "ldap idmap suffix" and "ldap group
| suffix" (and to be sure also "ldap user suffix" and "ldap machine
| suffix") in the smb.conf to the desired idmap ou. I don't know if this
| was the desired behavior or not.
|
| Another thing I found out was that I had to remove the "ldap suffix"
| entry.
|
| I hope I could help someone with the same problem.

Would you mind trying the patch for bug #680 at https://bugzilla.samba.org/ and make sure it doesn't break things for you? I'm about to change something here but I want to get some testing on it first.

cheers, jerry