External idmap backend(s)
Gerald (Jerry) Carter
jerry at samba.org
Tue Feb 6 22:15:38 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gerald (Jerry) Carter wrote:
> Matthew Mastracci wrote:
>
>>> The big difference between our setup and the standard
>>> LDAP idmap backend is that our UID/GIDs are
>>> allocated at user creation time using the posixAccount
>>> attributes through our user creation scripts to centralize
>>> the operation.
>
> I think you just want the idmap_nss backend then right?
To clarify, the new idmap backend (just merged to SAMBA_3_0_25)
allows this kind of configuration
idmap domains = default VALE
idmap config VALE:backend = nss
idmap config default:backend = tdb
idmap config default:default = yes
idmap config default:range = 100000-200000
idmap alloc backend = tdb
idmap alloc config:range = 100000-200000
Which means that for my domain, I pick up the uid/gid
based on username from the NSS getpwnam() calls. And
for trusted domains, I allocate one locally using the tdb.
Of course, this assumes you have a working nss_ldap
installation. But this works perfectly on my Samba member
servers.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFyP4KIR7qMdg1EfYRAlFTAJ0XVh8XVxkwHSsnzKky0TIB362rcgCfX9HD
jiofR/GXv+JBCElS9nHu6eo=
=Q8WM
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list