Samba4 idmap using uidNumber/gidNumber

Gémes Géza geza at
Sun Jun 10 05:33:27 MDT 2012

On 2012-06-10 12:53, steve wrote:
> On 10/06/12 11:05, Gémes Géza wrote:
>> On 2012-06-10 11:05, steve wrote:
>>> On 10/06/12 09:39, Gémes Géza wrote:
>>>> On 2012-06-10 08:02, Andrew Bartlett wrote:
>>>>> Steve,
>>>>> Attached is a patch that I know you and a number of our users will be
>>>>> interested in.  This patch makes Samba4 honour the
>>>>> uidNumber/gidNumber
>>>>> attributes in the directory, when present.
>>>>> This is done in a simple manner - we simply search the directory
>>>>> first.
>>>>> No attempt at resolving conflicts with the idmap.ldb is done, the
>>>>> directory simply wins.
>>>>> I haven't had a chance to test this yet (just got it to compile),
>>>>> but if
>>>>> you wish to test/comment in a non-production environment, it will
>>>>> assist
>>>>> us in bringing this important functionality to the Samba 4.0 release.
>>>>> Beyond this, the next step will be to make the 'samba-tool domain
>>>>> samba3upgrade' tool populate these mappings, rather than idmap.ldb.
>>>>> Michael,
>>>>> If you have any thoughts or comments on how this is done, please
>>>>> let me
>>>>> know.  I would have liked to call into idmap_ad directly, but it is
>>>>> tied
>>>>> too much into the s3 winbind to use directly, so I've instead just
>>>>> tried
>>>>> to make it compatible.  The additional behaviour that I can see is
>>>>> that
>>>>> there is no idmap range specified (all uidNumber values in the
>>>>> directory
>>>>> are accepted) and we fall back to an ldb mapping on failure to
>>>>> find an
>>>>> AD mapping.
>>>>> Thanks,
>>>>> Andrew Bartlett
>>>> Hi,
>>>> That's really fantastic news (I can't wait to finish building it).
>>>> Just
>>>> two questions:
>>>> 1. How would s3fs behave encountering a group which would need to have
>>>> an uid (for owning some files)?
>>>> 2. Are there plans to implement shell and homedir lookups too (for
>>>> nss)?
>>>> Cheers,
>>>> Geza
>>> Hi Geza,
>>> I think that this is the rfc2307  what we've both wanted from the
>>> start.
>>> Could you walk me though how to build it? The patch that is. I've
>>> never done anything like that before and Andrew recommends I wait
>>> until it is in master.
>>> Cheers,
>>> Steve,
>>> At an absolutely 'I have to work on Sunday so I can't have air
>>> conditioning just for one person' 34º in Alicante!
>> Sure,
>> But unfortunately I have just started to upgrade (in fact a complete
>> reinstall being a Xen DomU) my Samba4 testbox, so still takes a little
>> to be able to provide a tested solution.
>> Cheers
>> Geza
> Hi
> Absolutely no rush. I just need to know how to apply a patch.
> Good luck with the upgrade.
> Cheers,
> Steve
So it is quite simple:

1. cd to the top level of your samba4 source
2. patch -p1 < /absolut/or/relative/path/to/the/patchfile/made/by/Andrew
3. ./configure.developer && make && make install

I didn't do the 3rd step yet, but I would recommend testing it with a
new provision.



More information about the samba-technical mailing list