[PATCH] New idmap module idmap_rfc2307

Christof Schmitt christof.schmitt at us.ibm.com
Thu Jun 21 10:14:03 MDT 2012

steve at steve-ss.com wrote on 06/20/2012 11:51:47 PM:

> On 06/21/2012 01:27 AM, Christof Schmitt wrote:
> > This is a new idmap module that retrieves id mapping information
> > from RFC2307 records in a LDAP server. The LDAP server can be
> > either the ADS LDAP server or a stand-alone one. Since RFC2307
> > defines records that map between names and uids, the lookup
> > processes uses two steps: The mapping between SID and name is
> > retrieved from the ADS and the mapping between name and uid/gid
> > is retrieved from the LDAP records.
> >
> > The first five patches change existing code, so that it can be
> > reused by this new module. The patches apply to the master
> > branch.
> >
> Hi Christof
> For users, I already have:
> posixAccount
> uidNumber
> gidNumber
> loginShell
> unixHomeDirectory
> and for groups:
> posixGroup
> gidNumber
> stored in the directory in the dn of the user or group. We pull out this 

> info for our Linux clients using nss-pam-ldapd.
> Will this still be OK when the patches are applied?

Hi Steve,

yes, this will still be ok when the patches are applied. Nothing will
change unless you enable the new id mapping modules in the config. You
would enable it with the idmap parameter:

idmap config DOMAIN : backend = rfc2307

This module would allow you to also use the records in the LDAP
directory for the Samba id mapping. See the patch that adds the
manpage for some details how to enable and configure it.


Christof Schmitt || IBM || SONAS System Development || Tucson, AZ
christof.schmitt at us.ibm.com  ||  +1-520-799-2469  (T/L: 321-2469)

More information about the samba-technical mailing list