Deprecated but still supported "idmap backend" actually is broken

Gerald (Jerry) Carter jerry at
Wed Oct 10 19:04:39 GMT 2007

Hash: SHA1

Dmitry Butskoy wrote:
> On Wed, 2007-10-10 at 13:00 -0500, Gerald (Jerry) Carter wrote:
>> "idmap backend = rid:FOO=1000-2000
>> This is incorrect syntax since it implies the trusted domain
>> patch which was never officially supported. 
> You have confused me completely :)
> It was correct for 3.0.24, now (3.0.26) the "idmap 
> backend" is deprecated at all. What the "trusted domain
> patch" do you say about?..

Sorry.  I'm working of memory here.  Did you compile Samba
yourself?  Or are you using someone;s packages?

>>   If you just say "idmap backend = rid" it should be ok 
> But how can I specify the range (1000-100000)? IOW what 
> to add to the rid to make the uid (f.e. if rid is, say 513, then
> I want gid to be 1513 etc.)

That's actually what the idmap uid and idmap gid values should
do for you.

> Anyway, I know that "idmap backend" is deprecated and 
> obsoleted now, but ReleaseNotes mentions that it should
> still work as before (for compatibility). But it does not.
> And since people do like SWAT to configure Samba, and SWAT
> seems to not support "idmap config" yet, the old scheme
> should be preserved and should work...

I agree.  No arguements there.

> The problem is the idmap domain name at runtime are 
> the string "default domain" instead of the actual doman name,
> and winbindd cannot find such a "domain" (until I change the doman
> ame at AD to 'DEFAULT DOMAIN.COM' 8) )

Nope.  This should be equivalent (assuming I don't have typos in
any option names).

	idmap domains = FOO
	idmap config FOO:backend = rid
	idmap config FOO:read_only = yes
	idmap config FOO:range = 1000-100000

cheers, jerry
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list