Samba4 idmap using uidNumber/gidNumber

Greg Dickie greg at
Tue Jun 19 12:53:08 MDT 2012

Hi Steve,

You are using LDAP to pull these attributes, correct? How did you get
authenticated binds working in nss?

Also note that Windows Server ADs will require the msSFU30NIS objects
in the directory before they will "recognize" the other attributes (i.e.
let you access them). You need to install the Identity Management for
UNIX stuff to get that working. Silly Windows ;-)


On Tue, 2012-06-12 at 17:34 +0200, steve wrote:
> On 06/10/2012 02:21 PM, Andrew Bartlett wrote:
> > On Sun, 2012-06-10 at 09:39 +0200, Gémes Géza wrote:
> >> On 2012-06-10 08:02, Andrew Bartlett wrote:
> >>> Steve,
> >>>
> >>> Attached is a patch that I know you and a number of our users will be
> >>> interested in.  This patch makes Samba4 honour the uidNumber/gidNumber
> >>> attributes in the directory, when present.
> >>>
> >>> This is done in a simple manner - we simply search the directory first.
> >>> No attempt at resolving conflicts with the idmap.ldb is done, the
> >>> directory simply wins.
> Hi Andrew. I'm a little confused here because we can already do that. 
> The schema has all the objectClasses and attributes we need. e.g.
> With each user entry in the directory one can store:
> uid
> gid
> uidNumber
> gidNumber
> posixAccount
> unixHomeDirectory
> loginShell
> A similar set for groups
> We then map uid to samAccountName using nss. It pulls everything else
> directly from the directory. No winbind.
> We don't touch idmap.ldb anywhere as far as I can tell.
> Cheers,
> Steve

Greg Dickie
just a guy
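
The lookup order described in the quoted message from Andrew (search the directory first, the directory simply wins, no conflict resolution with idmap.ldb), as an added example that is not part of the original thread and is not Samba's code. The two dicts are hypothetical stand-ins for the directory and idmap.ldb, and every SID and ID in them is constructed; the audit shows what an administrator would want to check before relying on that order.

```python
# Simplified model of "directory first, idmap.ldb second" SID -> Unix ID lookup.
# All data below is constructed; the dicts are hypothetical stand-ins for the
# AD directory and idmap.ldb, not Samba data structures.

DIRECTORY = {  # SID -> attributes stored on the directory entry
    "S-1-5-21-1-2-3-1104": {"sAMAccountName": "steve", "uidNumber": 3000010},
    "S-1-5-21-1-2-3-1105": {"sAMAccountName": "greg"},  # no uidNumber set
    "S-1-5-21-1-2-3-1106": {"sAMAccountName": "geza", "uidNumber": 10001},
}
IDMAP_LDB = {  # SID -> ID allocated locally before uidNumber was honoured
    "S-1-5-21-1-2-3-1104": 3000002,
    "S-1-5-21-1-2-3-1105": 3000010,
}

def resolve_uid(sid, directory=DIRECTORY, idmap=IDMAP_LDB):
    """Return (uid, source). The directory wins whenever uidNumber is present."""
    entry = directory.get(sid, {})
    if "uidNumber" in entry:
        return entry["uidNumber"], "directory"
    if sid in idmap:
        return idmap[sid], "idmap.ldb"
    return None, "unmapped"

def audit(directory=DIRECTORY, idmap=IDMAP_LDB):
    """Report the two side effects of a lookup with no conflict resolution."""
    findings = {"changed": [], "shared": []}
    by_uid = {}
    for sid in sorted(set(directory) | set(idmap)):
        uid, source = resolve_uid(sid, directory, idmap)
        if uid is None:
            continue
        # The SID used to resolve to another ID; files created under the
        # old ID keep that owner and no longer belong to this account.
        if source == "directory" and sid in idmap and idmap[sid] != uid:
            findings["changed"].append((sid, idmap[sid], uid))
        by_uid.setdefault(uid, []).append(sid)
    # Two different SIDs resolving to one Unix ID share file ownership.
    findings["shared"] = [(u, s) for u, s in sorted(by_uid.items()) if len(s) > 1]
    return findings

if __name__ == "__main__":
    for kind, rows in audit().items():
        for row in rows:
            print(kind, row)
```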

More information about the samba-technical mailing list