Samba4: idmap replication between 2 DC's
Andrew Bartlett
abartlet at samba.org
Thu Jul 12 16:58:44 MDT 2012
On Thu, 2012-07-12 at 18:47 +0200, steve wrote:
> On 12/07/12 15:11, Andrew Bartlett wrote:
> > On Thu, 2012-07-12 at 14:43 +0200, steve wrote:
> >> On 12/07/12 11:25, Andrew Bartlett wrote:
> >>> On Wed, 2012-07-11 at 21:23 +0200, Gémes Géza wrote:
> >>>> On 2012-07-11 10:58, steve wrote:
>
> > Steve,
> >
> > Then I think your task is clear. Please add whatever debugging you feel
> > is required to the relevant idmap code and work out why the mappings are
> > not returned.
> >
> > Thanks,
> >
>
> Hi Andrew, hi everyone
>
> I am getting closer. To begin with,
> samba-tool user add <user>
> always creates an entry in idmap.ldb
>
> If we want
> idmap_ldb:use rfc2307 = yes
> to work, we must delete the entry in idmap.ldb immediately after the
> user is created.

Can you investigate how this happens? I can't see what would do that in
the code.

> That solves the problem for uidNumber on both DC1 and DC2. We can easily
> change our useradd scripts to do that after we have added the necessary
> rfc2307 attributes and classes.
>
> For groups however removing the idmap.ldb entry does not work. Upon a
> wbinfo --group-info=<group> a new entry is created in idmap.ldb.
>
> Is this correct? Once again, this causes problems as the idmap entries
> on the replicating DCs are not the same.
>
> Can we get the gidNumber to be read from the directory too?

The gidNumber for groups should be read from the directory. Please
investigate if this isn't happening.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
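
The mismatch discussed in this thread (idmap entries differing between replicating DCs) can be checked by comparing LDIF dumps of idmap.ldb taken on each DC. The following is an added example, not part of this thread or of Samba's code; the record layout (cn as the SID string, type, xidNumber) and the sample records are assumptions constructed for illustration.

```python
import re

# Constructed sample dumps. Assumed record shape for idmap.ldb entries:
# cn = SID string, type = ID_TYPE_UID/GID/BOTH, xidNumber = Unix id.
DC1_LDIF = """\
# record 1
dn: CN=S-1-5-21-1111-2222-3333-1105
cn: S-1-5-21-1111-2222-3333-1105
objectClass: sidMap
type: ID_TYPE_BOTH
xidNumber: 3000016

# record 2
dn: CN=S-1-5-21-1111-2222-3333-1106
cn: S-1-5-21-1111-2222-3333-1106
objectClass: sidMap
type: ID_TYPE_BOTH
xidNumber: 3000017
"""
# DC2: same user SID mapped to a different id, plus a group seen only on DC2.
DC2_LDIF = DC1_LDIF.replace("xidNumber: 3000017", "xidNumber: 3000020") + """
dn: CN=S-1-5-21-1111-2222-3333-1107
cn: S-1-5-21-1111-2222-3333-1107
objectClass: sidMap
type: ID_TYPE_GID
xidNumber: 3000021
"""

def parse_idmap(ldif):
    """Return {sid: (type, xid)} for every record that carries an xidNumber."""
    mappings = {}
    for record in re.split(r"\n\s*\n", ldif.strip()):
        attrs = {}
        for line in record.splitlines():
            if not line.startswith("#") and ": " in line:
                key, value = line.split(": ", 1)
                attrs[key] = value.strip()
        if "cn" in attrs and "xidNumber" in attrs:
            mappings[attrs["cn"]] = (attrs.get("type", "?"), int(attrs["xidNumber"]))
    return mappings

def diff_idmap(a, b):
    """SIDs whose mapping differs between the two DCs, or exists on only one."""
    return [(sid, a.get(sid), b.get(sid))
            for sid in sorted(set(a) | set(b)) if a.get(sid) != b.get(sid)]

if __name__ == "__main__":
    for sid, dc1, dc2 in diff_idmap(parse_idmap(DC1_LDIF), parse_idmap(DC2_LDIF)):
        print(f"{sid}: DC1={dc1} DC2={dc2}")
```

A SID reported with `None` on one side has not yet been allocated a mapping on that DC; a SID with two different xidNumber values is the inconsistency described in the thread.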