I'm trying to set up an idmap ldap backend for a Samba member server in an ADS domain. I'm using Samba 3.0.14a as distributed in Fedora Core 4.

All the LDAP stuff seems to work, except the LDAP database is not being populated. The only thing happening is Samba modifying the ou=Idmap,dc=mydomain,dc=com dn.

I was under the impression that Samba would automatically populate the LDAP database, like it does for a local idmap database. Or is one supposed to populate the database by hand?

Thanks,
Pim

On 31 ?????? 2006 20:30, Pim Zandbergen wrote:
> I was under the impression that Samba would automatically populate
> the LDAP database,

What do you mean 'automatically populate'? It is *your* decision how to organize the account database in ldap. Consider http://www.idealx.org/prj/samba/index.en.html (manual and smbldap-tools itself) as a travel guide.

I wrote:
> All the LDAP stuff seems to work, except the LDAP database is not
> being populated. The only thing happening is Samba modifying the
> ou=Idmap,dc=mydomain,dc=com dn.

It appears Samba _is_ able to auto-populate the ldap backend with sid-to-uid mappings. The HOWTO in 3.0.14a says to put this into /etc/nsswitch.conf:

    passwd: files ldap
    shadow: files ldap
    group: files ldap

But it only works for me if I replace "ldap" with "winbind".

I assumed that once the ldap backend was populated, other Samba servers would be able to read the mappings using ldap directly, but this is not the case. Every Samba server in the domain needs this setting in order to use the idmap backend.

Pim
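
A consistency check for the finding in the last message, as an added example that is not part of the original thread: it flags a member server whose smb.conf uses an LDAP idmap backend while nsswitch.conf does not list winbind. The smb.conf contents and the LDAP host name are constructed sample values, and the function names are hypothetical.

```python
import re

# Constructed sample files for one member server (the LDAP host is a placeholder).
SMB_CONF = """\
[global]
   security = ads
   idmap backend = ldap:ldap://ldap.mydomain.com
   ldap suffix = dc=mydomain,dc=com
   ldap idmap suffix = ou=Idmap
"""
NSSWITCH_HOWTO = "passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n"
NSSWITCH_WORKING = NSSWITCH_HOWTO.replace("ldap", "winbind")

def smb_globals(text):
    """Return the [global] parameters; names are normalised for case and spacing."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def nss_sources(text):
    """Map each nsswitch database to its ordered sources, dropping [action] items."""
    dbs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            db, rest = line.split(":", 1)
            dbs[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return dbs

def check(smb_text, nss_text):
    """Return the uid/gid databases that lack winbind while idmap backend is LDAP."""
    backend = smb_globals(smb_text).get("idmap backend", "")
    if not backend.lower().startswith("ldap:"):
        return []  # not using the LDAP idmap backend, nothing to compare
    nss = nss_sources(nss_text)
    return [db for db in ("passwd", "group") if "winbind" not in nss.get(db, [])]

if __name__ == "__main__":
    print("HOWTO nsswitch.conf, missing winbind in:", check(SMB_CONF, NSSWITCH_HOWTO))
    print("Edited nsswitch.conf, missing winbind in:", check(SMB_CONF, NSSWITCH_WORKING))
```

Run against each member server's own two files, it returns an empty list only where the name service switch matches the setting reported to work above.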