Wrong usage of lp_idmap_backend() value?

Jeremy Allison jra at samba.org
Wed Jul 2 18:10:50 GMT 2003 

On Wed, Jul 02, 2003 at 08:35:49PM +0300, Alexander Bokovoy wrote:
> On Wed, Jul 02, 2003 at 07:32:03PM +0300, Alexander Bokovoy wrote:
> > On Wed, Jul 02, 2003 at 07:16:30PM +0300, Alexander Bokovoy wrote:
> > > Greetings!
> > > 
> > > In smbd/server.c we are supposed to use value of 'idmap backend' option to
> > > initialize idmap but code logic is different: it decides to override
> > > everything in 'idmap backend' by 'winbind' unless 'idmap backend' is empty
> > > in which case we supply NULL as argument to idmap_init().
> > > 
> > > Is it on purpose or wrong?
> > Replying myself: Jeremy made this with following comment:
> > 
> > "Stop tdb being used as a remote backend. If an
> > idmap backend is specified cause smbd to ask winbindd (use winbindd if
> > you want a consistant remote backend solution).
> > Should work well enough for next beta now...
> > Jeremy."
> > http://cvs.samba.org/cgi-bin/cvsweb/samba/source/smbd/server.c.diff?r1=1.372.2.26&r2=1.372.2.27&only_with_tag=SAMBA_3_0&f=h
> > 
> > Ignore previous letter.
> Hm... This still under question...
> 
> I have a test setup where 'security = server' and all user/group data is
> supposed to be stored in LDAP. With Samba 3.0beta2 this no longer works.
> 
> [global]
> 	# guest is added automatically, nothing changes if it is 
> 	# specified here as well
> 	passdb backend = ldapsam 
> 
> 	security = server
> 	
> 	idmap backend = ldap:ldap://localhost/
> 	ldap idmap suffix = ou=Idmap,$DNBASE
> 	idmap uid         = 40000-50000
> 	idmap gid         = 40000-50000
> 
> 	ldap suffix = $DNBASE
> 	ldap machine suffix = ou=Computers
> 	ldap user suffix = ou=Users
> 	ldap admin dn = "cn=Administrator,ou=Users,$DNBASE"
> 	
> 	winbind separator = +
> 	winbind enum groups = true
> 	winbind enum users = true
> 
> All my users are in ou=Users,$DNBASE, idmap entries in ou=Idmap,$DNBASE,
> machine accounts are in ou=Computers,$DNBASE.
> 
> This is a test setup from scratch using attached ldif file. smbpasswd
> succesfully added users to LDAP and allocated UIDs for them.
> 
> Winbindd starts successfuly for first time and creates
> uidNumber=99,ou=Idmap,$DNBASE entry with correct sambaIdmapEntry values.
> 
> However, winbindd fails to start second time saying:
> ........................................................
> Opening cache file at /var/cache/samba/gencache.tdb
> namecache_enable: enabling netbios namecache, timeout 660 seconds
> smb_register_idmap: Successfully added idmap backend 'winbind'
> smb_register_idmap: Successfully added idmap backend 'ldap'
> smb_register_idmap: Successfully added idmap backend 'tdb'
> idmap_init: using 'ldap' as remote backend
> ldap_idmap_open_connection: connection opened
> ldap_idmap_connect_system: succesful connection to the LDAP server
> The LDAP server is succesful connected
> ldap_idmap_open: already connected to the LDAP server
> ldap_set_mapping: Failed to create mapping from S-1-5-21-3962315264-2832475013-2063198254-501 to 99 [uidNumber]
> ---------------------------------------------------------------------------------------------------------------

Can you get me more info on this ? Maybe more debug info on
why ldap_set_mapping failed ?

Jeremy.

More information about the samba-technical mailing list