Samba4: idmap replication between 2 DC's

steve steve at
Sun Jul 15 10:14:15 MDT 2012

On 12/07/12 15:14, Michael Adam wrote:
> Andrew Bartlett wrote:
>> On Wed, 2012-07-11 at 21:23 +0200, Gémes Géza wrote:
>>> On 2012-07-11 at 10:58, steve wrote:

>> Indeed, this is exactly the purpose for which this was implemented.  I'm
>> glad you find it useful!
> If I read the code correctly, the s4-idmap code only reads the
> rfc 2307 attributes but does not write to them. New mappings are
> created in the idmap.ldb always.

Hi Michael, that's not quite right.

If you create a new user with posixAccount, idmap is _not_ written and 
the uidNumber comes from the directory. Correct.

If you create a new group by adding posixGroup, there is always a new 
entry written to idmap. If you attempt to delete that entry, a new entry 
is created in idmap which is not the gidNumber. Not desirable.

> This is confusing.
> Shouldn't we add a mode where new mappings are also created in
> the sam's posix attributes if the "use rfc" is on?
> Cheers - Michael

I'd say, if we are going to implement uidNumber and gidNumber being 
pulled from the directory with:

idmap_ldb:use rfc2307 = yes

then let's have it for _both_ uidNumber and gidNumber

Cheers, Steve

Really sorry guys but I think this is important. Yes, I've tried all in 
my power. I had to bugzilla it:
