Erik Forsberg
2007-Feb-21 15:51 UTC
[Samba] User/Group HWM ignored when converting idmap from tdb to LDAP
Hi! I'm trying to convert my tdb-based idmap mapping to a LDAP-based one. This generally works as intended, with one exception - the highest uidNumber/gidNumber in use is not transferred, and this causes duplicate use of the same uid/gidNumber. Here's what I'm doing: 1) net idmap dump /var/cache/samba/winbindd_idmap.tdb > idmap.dump 2) Set idmap backend in smb.conf to ldap:ldap://myldapserver. 3) net idmap restore < idmap.dump, which gives me the following output: ignoring invalid line [USER HWM 10002] ignoring invalid line [GROUP HWM 10008] USER HWM: 10000 GROUP HWM: 10000 Now, the problem is that the uidNumber and gidNumber on the object in the LDAP database with the sambaUnixIdPool object class are not set to the highest values in use from idmap.dump, but instead to the low value in the 'idmap uid' and 'idmap gid' ranges set in smb.conf. When new user or group objects are added to the idmap database, the values from the sambaUnixIdPool object will be used. This means that if uidNumber on the sambaUnixIdPool is set to 10000, and there is already a SID<->uidNumber mapping using uidNumber 10000, there will be two different SID<->uidNumber mappings using uidNumber 10000. Is this a bug, or am I doing something wrong? Regards, \EF -- Erik Forsberg OpenSource-based Thin Client Technology Systems Analyst/Developer Phone: +46-13-21 46 00 Cendio AB Web: http://www.cendio.com
simo
2007-Feb-21 15:54 UTC
[Samba] User/Group HWM ignored when converting idmap from tdb to LDAP
On Wed, 2007-02-21 at 16:49 +0100, Erik Forsberg wrote:> Hi! > > I'm trying to convert my tdb-based idmap mapping to a LDAP-based > one. This generally works as intended, with one exception - the > highest uidNumber/gidNumber in use is not transferred, and this causes > duplicate use of the same uid/gidNumber. > > Here's what I'm doing: > > 1) net idmap dump /var/cache/samba/winbindd_idmap.tdb > idmap.dump > > 2) Set idmap backend in smb.conf to ldap:ldap://myldapserver. > > 3) net idmap restore < idmap.dump, which gives me the following > output: > > ignoring invalid line [USER HWM 10002] > ignoring invalid line [GROUP HWM 10008] > USER HWM: 10000 GROUP HWM: 10000 > > Now, the problem is that the uidNumber and gidNumber on the object in > the LDAP database with the sambaUnixIdPool object class are not set to > the highest values in use from idmap.dump, but instead to the low > value in the 'idmap uid' and 'idmap gid' ranges set in smb.conf. > > When new user or group objects are added to the idmap database, the > values from the sambaUnixIdPool object will be used. This means that > if uidNumber on the sambaUnixIdPool is set to 10000, and there is > already a SID<->uidNumber mapping using uidNumber 10000, there will be > two different SID<->uidNumber mappings using uidNumber 10000. > > Is this a bug, or am I doing something wrong?What version of samba? Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: idra@samba.org http://samba.org
Erik Forsberg
2007-Feb-21 15:57 UTC
[Samba] Re: User/Group HWM ignored when converting idmap from tdb to LDAP
simo <idra@samba.org> writes:>> When new user or group objects are added to the idmap database, the >> values from the sambaUnixIdPool object will be used. This means that >> if uidNumber on the sambaUnixIdPool is set to 10000, and there is >> already a SID<->uidNumber mapping using uidNumber 10000, there will be >> two different SID<->uidNumber mappings using uidNumber 10000. >> >> Is this a bug, or am I doing something wrong? > > What version of samba?3.0.22. Sorry, obviously that should have been part of my original post! :-) \EF -- Erik Forsberg OpenSource-based Thin Client Technology Systems Analyst/Developer Phone: +46-13-21 46 00 Cendio AB Web: http://www.cendio.com
simo
2007-Feb-21 16:10 UTC
[Samba] Re: User/Group HWM ignored when converting idmap from tdb to LDAP
On Wed, 2007-02-21 at 16:56 +0100, Erik Forsberg wrote:> simo <idra@samba.org> writes: > > >> When new user or group objects are added to the idmap database, the > >> values from the sambaUnixIdPool object will be used. This means that > >> if uidNumber on the sambaUnixIdPool is set to 10000, and there is > >> already a SID<->uidNumber mapping using uidNumber 10000, there will be > >> two different SID<->uidNumber mappings using uidNumber 10000. > >> > >> Is this a bug, or am I doing something wrong? > > > > What version of samba? > > 3.0.22. > > Sorry, obviously that should have been part of my original post! :-)Any chance you can try with 3.0.24 and report a bug in bugzilla if it is still the case? Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: idra@samba.org http://samba.org
Erik Forsberg
2007-Feb-22 10:42 UTC
[Samba] Re: User/Group HWM ignored when converting idmap from tdb to LDAP
simo <idra@samba.org> writes:>> 3.0.22. >> >> Sorry, obviously that should have been part of my original post! :-) > > Any chance you can try with 3.0.24 and report a bug in bugzilla if it is > still the case?Tested today - bug still exists in 3.0.24 compiled from official samba sources. https://bugzilla.samba.org/show_bug.cgi?id=4405 has been added. Regards, \EF -- Erik Forsberg OpenSource-based Thin Client Technology Systems Analyst/Developer Phone: +46-13-21 46 00 Cendio AB Web: http://www.cendio.com