[Samba] samba4 DC, internal winbind_server: external idmap problem
Andy Igoshin
ai at vsu.ru
Sun Dec 8 09:50:25 MST 2013
On Sun, 08 Dec 2013 09:58:59 +0100
steve <steve at steve-ss.com> wrote:
> On Sun, 2013-12-08 at 01:08 +0400, Andy Igoshin wrote:
> > On Sat, 07 Dec 2013 19:05:51 +0100
> > steve <steve at steve-ss.com> wrote:
> >
> > some explanations:
> >
> > we use sssd which takes data from our ldap-based system.
>
> Well done. Absolutely perfect.
>
>
> > # getent passwd test2 at dom.domain.ru
> > test2 at dom.domain.ru:*:1113535:1113535:test2:/home/dom.domain.ru/test2:/bin/bash
>
> OK.
> So now we chop off test2 using cut or sed or something
> then proceed as follows
> samba-tool user create test2
>
> Now chop off and assemble the following into a file, say, test2.ldif
> Note the handy ':' delimiters;)
>
> dn: cn=test2,cn=Users,dc=dom,dc=domain,dc=ru
> changetype: modify
> add: uidNumber
> uidNumber: 1113535
> -
> add: gidNumber
> gidNumber: 1113535
> -
> add:unixHomeDirectory
> unixHomeDirectory: /home/dom.domain.ru/test2
> -
> add: loginShell
> loginShell: /bin/bash
>
> Now stick it into AD:
>
> ldbmodify --url=/path/to/your/private/sam.ldb test2.ldif
>
> repeat for each user you wish to add: getent passwd and chop and
> assemble a line at a time perhaps?
>
> You now have your existing ldap sitting comfortably in AD. sssd is the
> perfect tool for pulling this info too but of course now, you're on
> the DC or your Linux clients.
yes, it works if i set 'idmap_ldb:use rfc2307 = yes'.
in our infrastructure there is an integration with windows AD.
user management works via ldap, passwords sync via patched ms ssod.
i can extend this integration in such a way that
uidNumber/gidNumber/etc attributes are automatically added into
samba AD.
but when i started to play with samba4 i hoped it behaves
"more unix way". if to talk from the state where we are now then
for instance something like
'idmap_ldb:use sss = yes' (or use nss = yes ?)
i took a look at source4/winbind/idmap.c and also python code.
it seems it is rather easy to add 'idmap_ldb:use sss = yes'
functionality there. but here is the question - would it be the samba way?
would the samba team accept such a patch?
--
Andy Igoshin <ai at vsu.ru> Voronezh State University
sip: ai at vsu.ru Network Operation Center
phone: +7 473 2281160, ext. 2020 Voronezh, Russia
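
The getent-to-LDIF procedure described in the quoted reply, as an added example that is not part of the original thread. `passwd_to_ldif` is a hypothetical helper; it assumes accounts live under `cn=Users`, that the `cn` equals the short user name as in the quoted LDIF, and that the real `getent` output uses `@` where the list archive shows " at ".

```shell
#!/bin/sh
# Added example: turn one `getent passwd` line into an LDIF modify record.
# passwd_to_ldif is a hypothetical helper; the sample values are constructed.

passwd_to_ldif() {
    line=$1
    base_dn=$2
    # passwd format: name:passwd:uid:gid:gecos:home:shell
    IFS=: read -r name _pw uid gid _gecos home shell <<EOF
$line
EOF
    # sssd returns fully qualified names; keep only the part before "@".
    name=${name%%@*}

    # The name ends up inside a DN, so refuse anything that could alter it.
    case $name in
        ''|*[!A-Za-z0-9._-]*) echo "bad user name: $name" >&2; return 1 ;;
    esac
    # uidNumber and gidNumber must be plain decimal integers.
    for n in "$uid" "$gid"; do
        case $n in
            ''|*[!0-9]*) echo "bad uid/gid: $n" >&2; return 1 ;;
        esac
    done
    # Home and shell must be absolute paths made of LDIF-safe characters.
    for p in "$home" "$shell"; do
        case $p in
            ''|[!/]*|*[!A-Za-z0-9._/-]*) echo "bad path: $p" >&2; return 1 ;;
        esac
    done

    printf 'dn: cn=%s,cn=Users,%s\n' "$name" "$base_dn"
    printf 'changetype: modify\n'
    printf 'add: uidNumber\nuidNumber: %s\n-\n' "$uid"
    printf 'add: gidNumber\ngidNumber: %s\n-\n' "$gid"
    printf 'add: unixHomeDirectory\nunixHomeDirectory: %s\n-\n' "$home"
    printf 'add: loginShell\nloginShell: %s\n\n' "$shell"
}

# Constructed sample line, shaped like the getent output quoted above.
passwd_to_ldif \
    'test2@dom.domain.ru:*:1113535:1113535:test2:/home/dom.domain.ru/test2:/bin/bash' \
    'dc=dom,dc=domain,dc=ru'
```

The output can be saved to a file such as test2.ldif and passed to the `ldbmodify` command shown in the quoted reply.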