Samba4 idmap using uidNumber/gidNumber
Greg Dickie
greg at justaguy.ca
Tue Jun 19 12:53:08 MDT 2012
Hi Steve,
You are using LDAP to pull these attributes correct? How did you get
authenticated binds working in nss?
Also note that windows server ADs will require the msSFU30NIS objects
in the directory before they will "recognize" the other attributes (ie:
let you access them). You need to install the Identity Management for
UNIX stuff to get that working. Silly windows ;-)
Greg
On Tue, 2012-06-12 at 17:34 +0200, steve wrote:
> On 06/10/2012 02:21 PM, Andrew Bartlett wrote:
> > On Sun, 2012-06-10 at 09:39 +0200, Gémes Géza wrote:
> >> On 2012-06-10 08:02, Andrew Bartlett wrote:
> >>> Steve,
> >>>
> >>> Attached is a patch that I know you and a number of our users will be
> >>> interested in. This patch makes Samba4 honour the uidNumber/gidNumber
> >>> attributes in the directory, when present.
> >>>
> >>> This is done in a simple manner - we simply search the directory first.
> >>> No attempt at resolving conflicts with the idmap.ldb is done, the
> >>> directory simply wins.
> Hi Andrew. I'm a little confused here because we can already do that.
> The schema has all the objectClasses and attributes we need. e.g.
> With each user entry in the directory one can store:
> uid
> gid
> uidNumber
> gidNumber
> posixAccount
> unixHomeDirectory
> loginShell
>
> A similar set for groups
>
> We then map uid to samAcccountName using nss. It pulls everything else
> directly from the directory. No winbind.
> We don't touch idmap.ldb anywhere as far as I can tell.
> Cheers,
> Steve
>
--
Greg Dickie
just a guy
514-983-5400
More information about the samba-technical
mailing list