I am playing with samba 3.6 and am wondering what is the best method for configuring an LDAP idmap backend? I would like my system to work with both local users, AD users, and AD users that already have unix attributes. I also have multiple trusted domains. So users could be cross-forest or cross-domain.

Would something like the following work for this setup?

    ldap admin dn = CN=IdmapAdmin
    idmap config * : range = 1 - 1000
    idmap config * : backend = tdb
    idmap config ALLDOMAINS : backend = ldap
    idmap config ALLDOMAINS : range = 1001-2147483647
    idmap config ALLDOMAINS : ldap_url = ldap://localhost
    idmap config ALLDOMAINS : read only = yes

Is ALLDOMAINS a valid entry to say "all trusted domains" or do I need to list each and every trusted domain in a separate idmap config?

Also is the ldap admin a global setting that will work with the idmap backend when set to ldap, or do I also need to set

    idmap config ALLDOMAINS : ldap_user_dn = CN=IdmapAdmin

--
Jayson
www.thedailymanshow.com