idmap backend = ldap, something missing

Leandro Ariel Gomez Chavarria lgomez at
Wed Oct 29 23:21:38 GMT 2003

Hello all, I'm implementing a Samba file server using security =
domain and I need to make the idmap database unique across the network,
so I'm trying to store it in an LDAP server. I don't care about
anything else concerning user accounts than the idmap; users belong to
an ADS structure working in mixed mode.

I installed OpenLDAP and made it work, adding the schema includes to the
slapd.conf file:

include         /usr/local/etc/openldap/schema/core.schema
## needed for sambaSamAccount
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema

Then I put the needed entries in smb.conf:

        ldap suffix = dc=test,dc=oldap,dc=e200,dc=arg
        ldap admin dn = cn=Manager,dc=test,dc=oldap,dc=e200,dc=arg
        idmap backend = ldap:ldap://
        ldap idmap suffix = dc=test,dc=oldap,dc=e200,dc=arg
        idmap uid = 100000-150000
        idmap gid = 100000-150000
        winbind separator = +
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%D/Samba/Users/%U
        template shell = /bin/false

I start winbindd and I can see it's successfully connected to the

[2003/10/29 20:03:58, 3] sam/idmap.c:idmap_init(129)
  idmap_init: using 'ldap' as remote backend
[2003/10/29 20:03:58, 2] lib/smbldap.c:smbldap_open_connection(623)
  smbldap_open_connection: connection opened
[2003/10/29 20:03:58, 3] lib/smbldap.c:smbldap_connect_system(785)
  ldap_connect_system: succesful connection to the LDAP server
[2003/10/29 20:03:58, 4] lib/smbldap.c:smbldap_open(836)
  The LDAP server is succesful connected

But it can't create the idmap for users. For example, here I did this:
getent passwd cencosud+lgomez

[2003/10/29 20:05:34, 3]
  Connecting to host=DCMAR001 (this is my PDC)
[2003/10/29 20:05:34, 3] lib/util_sock.c:open_socket_out(690)
  Connecting to at port 445
[2003/10/29 20:05:34, 3] nsswitch/winbindd_rpc.c:name_to_sid(272)
  rpc: name_to_sid name=lgomez
[2003/10/29 20:05:34, 3] nsswitch/winbindd_rpc.c:name_to_sid(281)
  name_to_sid [rpc] lgomez for domain CENCOSUD
[2003/10/29 20:05:34, 3] nsswitch/winbindd_rpc.c:query_user(364)
  rpc: query_user rid=S-1-5-21-1618675818-891749745-526660263-1023
[2003/10/29 20:05:34, 3] sam/idmap_ldap.c:ldap_get_id_from_sid(582)
  ldap_get_id_from_sid: Failure looking up group mapping (No such
[2003/10/29 20:05:34, 1]
  error getting user id for sid

Obviously I'm forgetting to do something after bringing up the LDAP
server: create what in the LDAP structure? Remember, the only thing I
care about is the idmap, and everything works fine if I use the local
winbindd_idmap.tdb file.

Any help will be appreciated, leandro.-

More information about the samba-technical mailing list