Hello,
I don't completely understand the BDC setup as described in the Chapter
6 of The Official Samba-3 HOWTO and Reference Guide.
The reason is that the example setup uses LDAP idmap backend. For
simplicity, the solution is discussed when both PDC and BDC use a Single
Central LDAP Server. (I have never experimented with BDCs before, but
have already set up a LDAP-backed PDC).
As I understand, LDAP is used there for two purposes. First, the account
database is there (typically, in sambaSamAccounts under
ou={People,Computers},dc=example,dc=com, and in sambaGroupMappings under
ou=Groups,dc=example,dc=com). Second, the mapping between SIDs, uids and
gids is stored under ou=Idmap,dc=example,dc=com in sambaIdmapEntries and
sambaSidEntries. Right?
However, it also looks possible to store posix account information in
posixAccounts under ou={People,Computers},dc=example,dc=com, as in fact
many tools (LAM and those from IDEALX) do. Does it really work in a PDC
+ BDC setup?
Are those two methods of storing uids and gids really mutually
exclusive, as I suspect? What are benefits and drawbacks of each?
Do I really need to set up idmap things and run winbindd if I want to
keep posix information in posixAccounts?
Thanks in advance,
--
Alexander E. Patrakov
