Wrong usage of lp_idmap_backend() value?

Alexander Bokovoy a.bokovoy at sam-solutions.net
Wed Jul 2 17:35:49 GMT 2003

On Wed, Jul 02, 2003 at 07:32:03PM +0300, Alexander Bokovoy wrote:
> On Wed, Jul 02, 2003 at 07:16:30PM +0300, Alexander Bokovoy wrote:
> > Greetings!
> > 
> > In smbd/server.c we are supposed to use the value of the 'idmap backend'
> > option to initialize idmap, but the code logic is different: it decides to
> > override everything in 'idmap backend' with 'winbind' unless 'idmap backend'
> > is empty, in which case we supply NULL as the argument to idmap_init().
> > 
> > Is it on purpose or wrong?
> Replying to myself: Jeremy made this with the following comment:
> "Stop tdb being used as a remote backend. If an
> idmap backend is specified cause smbd to ask winbindd (use winbindd if
> you want a consistent remote backend solution).
> Should work well enough for next beta now...
> Jeremy."
> http://cvs.samba.org/cgi-bin/cvsweb/samba/source/smbd/server.c.diff?r1=1.372.2.26&r2=1.372.2.27&only_with_tag=SAMBA_3_0&f=h
> Ignore previous letter.
Hm... This is still under question...

I have a test setup where 'security = server' and all user/group data is
supposed to be stored in LDAP. With Samba 3.0beta2 this no longer works.

	# guest is added automatically, nothing changes if it is 
	# specified here as well
	passdb backend = ldapsam 

	security = server
	idmap backend = ldap:ldap://localhost/
	ldap idmap suffix = ou=Idmap,$DNBASE
	idmap uid         = 40000-50000
	idmap gid         = 40000-50000

	ldap suffix = $DNBASE
	ldap machine suffix = ou=Computers
	ldap user suffix = ou=Users
	ldap admin dn = "cn=Administrator,ou=Users,$DNBASE"
	winbind separator = +
	winbind enum groups = true
	winbind enum users = true

All my users are in ou=Users,$DNBASE, idmap entries in ou=Idmap,$DNBASE,
machine accounts are in ou=Computers,$DNBASE.

This is a test setup from scratch using the attached ldif file. smbpasswd
successfully added users to LDAP and allocated UIDs for them.

Winbindd starts successfully the first time and creates a
uidNumber=99,ou=Idmap,$DNBASE entry with correct sambaIdmapEntry values.

However, winbindd fails to start the second time, saying:
Opening cache file at /var/cache/samba/gencache.tdb
namecache_enable: enabling netbios namecache, timeout 660 seconds
smb_register_idmap: Successfully added idmap backend 'winbind'
smb_register_idmap: Successfully added idmap backend 'ldap'
smb_register_idmap: Successfully added idmap backend 'tdb'
idmap_init: using 'ldap' as remote backend
ldap_idmap_open_connection: connection opened
ldap_idmap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
ldap_idmap_open: already connected to the LDAP server
ldap_set_mapping: Failed to create mapping from S-1-5-21-3962315264-2832475013-2063198254-501 to 99 [uidNumber]

/ Alexander Bokovoy
Bounders get bound when they are caught bounding.
		-- Ralph Lewin
-------------- next part --------------
objectClass: organization

dn: ou=Users,$DNBASE
objectClass: organizationalUnit
ou: Users

dn: ou=Computers,$DNBASE
objectClass: organizationalUnit
ou: Computers

dn: ou=idmap,$DNBASE
objectClass: organizationalUnit
ou: idmap

dn: uid=Administrator,ou=Users,$DNBASE
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
SambaSID: S-1-5-21-3962315264-2832475013-512
gidNumber: 0
uid: Administrator
uidNumber: 0
homeDirectory: /

dn: uid=nobody,ou=Users,$DNBASE
cn: Nobody
sn: Nobody
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
SambaSID: S-1-5-21-3962315264-2832475013-501
gidNumber: 99
uid: nobody
uidNumber: 99
homeDirectory: /
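
An added diagnostic sketch, not part of the original post or of Samba's code: it cross-checks the failing ldap_set_mapping log line against the posted 'idmap uid' range and an excerpt of the attached LDIF, and reports what it observes without asserting a root cause. The function names are hypothetical and the sample strings are copied from the post, with $DNBASE left as the post's own placeholder.

```python
import re

# Constructed sample: values copied from the post; $DNBASE is its placeholder.
SMB_CONF = "\tidmap uid         = 40000-50000\n\tidmap gid         = 40000-50000\n"
LOG_LINE = ("ldap_set_mapping: Failed to create mapping from "
            "S-1-5-21-3962315264-2832475013-2063198254-501 to 99 [uidNumber]")
LDIF = """\
dn: uid=Administrator,ou=Users,$DNBASE
SambaSID: S-1-5-21-3962315264-2832475013-512
uidNumber: 0

dn: uid=nobody,ou=Users,$DNBASE
SambaSID: S-1-5-21-3962315264-2832475013-501
uidNumber: 99
"""

def parse_range(conf, key):
    """Return (low, high) from an 'idmap uid' or 'idmap gid' line."""
    m = re.search(rf"^\s*{re.escape(key)}\s*=\s*(\d+)-(\d+)", conf, re.M)
    return int(m.group(1)), int(m.group(2))

def parse_failure(line):
    """Extract (sid, unix_id, attribute) from an ldap_set_mapping failure."""
    m = re.search(r"mapping from (S-[\d-]+) to (\d+) \[(\w+)\]", line)
    return m.group(1), int(m.group(2)), m.group(3)

def parse_ldif(text):
    """Split LDIF into entries; attribute names are lower-cased."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def diagnose(conf, log_line, ldif):
    """Compare the failed mapping with the configured range and directory."""
    sid, unix_id, attr = parse_failure(log_line)
    key = "idmap uid" if attr == "uidNumber" else "idmap gid"
    low, high = parse_range(conf, key)
    holders = [e for e in parse_ldif(ldif) if str(unix_id) in e.get(attr.lower(), [])]
    return {
        "in_idmap_range": low <= unix_id <= high,
        "id_already_used_by": [e["dn"][0] for e in holders],
        "sid_matches_holder": any(sid in e.get("sambasid", []) for e in holders),
    }
```

Calling `diagnose(SMB_CONF, LOG_LINE, LDIF)` returns the three observations as a dictionary.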
