External idmap backend(s)

Gerald (Jerry) Carter jerry at samba.org
Tue Feb 6 22:34:18 GMT 2007

Hash: SHA1

Matthew Mastracci wrote:

> This looks like exactly what we need: excellent!
> I originally tried to implement our system using 
> nss_ldap on each of the servers, but we couldn't get
> the member servers to recognize the domain users
> without winbind running (which is why I ended up
> writing the external backend).  I didn't realize this
> existed, much thanks to all the developers of this
> feature for the implementation.

Yup.  This was added when Simo rewrote the idmap interface.
It replaces  the 'winbind trusted domains only' option.

> From what I can tell, I'll just need to push my ldap.conf 
> & smb.conf to each of the member servers, set up nsswitch
> to add LDAP and I should have exactly what we were doing
> the roundabout way before.

Yup.  Sounds right.  Let me know how it goes for you.  This
current is in the SAMBA_3_0_25 tree (not released production
versions yet)

cheers, jerry
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba-technical mailing list