Samba4: idmap replication between 2 DC's
steve at steve-ss.com
Sun Jul 15 10:14:15 MDT 2012
On 12/07/12 15:14, Michael Adam wrote:
> Andrew Bartlett wrote:
>> On Wed, 2012-07-11 at 21:23 +0200, Gémes Géza wrote:
>>> 2012-07-11 10:58 keltezéssel, steve írta:
>> Indeed, this is exactly the purpose for which this was implemented. I'm
>> glad you find it useful!
> If I read the code correctly, the s4-idmap code only reads the
> rfc 2307 attributest but does not write to them. New mappings are
> created in the idmap.ldb always.
Hi Michael, that's not quite right.
If you create a new user with posixAccount, idmap is _not_ written and
the uidNumber comes from the directoy. Correct.
If you create a new group by adding posixGroup, there is always a new
entry written to idmap. If you attempt to delete that entry, a new entry
is created in idmap which is not the gidNumber. Not desirable.
> This is confusing.
> Shouldn't we add a mode where new mappings are also created in
> the sam's posix attributes if the "use rfc" is on?
> Cheers - Michael
I'd say, if we are going to implement uidNumber and gidNumber being
pulled from the directory with:
idmap_ldb:use rfc2307 = yes
then let's have it for _both_ uidNumber and gidNumber
Really sorry guys but I think this is important. yes, I've tried all in
my power. I had to bugzilla it:
More information about the samba-technical