Samba4 idmap using uidNumber/gidNumber

Andrew Bartlett abartlet at
Sun Jun 10 00:02:34 MDT 2012


Attached is a patch that I know you and a number of our users will be
interested in.  This patch makes Samba4 honour the uidNumber/gidNumber
attributes in the directory, when present. 

This is done in a simple manner - we simply search the directory first.
No attempt at resolving conflicts with the idmap.ldb is done, the
directory simply wins. 

I haven't had a chance to test this yet (just got it to compile), but if
you wish to test/comment in a non-production environment, it will assist
us in bringing this important functionality to the Samba 4.0 release.

Beyond this, the next step will be to make the 'samba-tool domain
samba3upgrade' tool populate these mappings, rather than idmap.ldb.


If you have any thoughts or comments on how this is done, please let me
know.  I would have liked to call into idmap_ad directly, but it is tied
too much into the s3 winbind to use directly, so I've instead just tried
to make it compatible.  The additional behaviour that I can see is that
there is no idmap range specified (all uidNumber values in the directory
are accepted) and we fall back to an ldb mapping on failure to find an
AD mapping.


Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-idmap-Add-mapping-using-uidNumber-and-gidNumber-l.patch
Type: text/x-patch
Size: 7264 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list