[PATCH] New idmap module idmap_rfc2307

Christof Schmitt christof.schmitt at us.ibm.com
Thu Jun 21 14:37:18 MDT 2012 

steve <steve at steve-ss.com> wrote on 06/21/2012 11:28:54 AM:

> On 06/21/2012 06:14 PM, Christof Schmitt wrote:
> > yes, this will still be ok when the patches are applied. Nothing will
> > change unless you enable the new id mapping modules in the config. You
> > would enable it with the idmap parameter:
> >
> > idmap config DOMAIN : backend = rfc2307
> >
> > This module would allow you to also use the records in the LDAP
> > directory for the Samba id mapping. See the patch that adds the
> > manpage for some details how to enable and configure it.
> >
> > Regards,
> Hi Christoph
> Actually that is what we want. Under nfs for our Linux clients, 
> everything comes from the directory. Under s3fs, uidNumber and gidNumber 

> still have to come from idmap. I think your patch will allow s3fs to 
> also pull uidNumber:gidNumber from the directory if they are already 
> there. Have I got thhat right?

I have not explicitly tested with s3fs, i am still using a setup
without s3fs.

And yes, it gets the id mapping by looking at the uidNumber and
gidNumber in the LDAP records.

> I shall surely look at the manpage patch but could you tell me if
> 
> idmap config DOMAIN : backend = rfc2307
> 
> goes into smb.conf global section?

Yes, it goes in the global section. This is the setup i used for
testing with a stand-alone LDAP server:

net conf setparm global 'idmap config example : backend' 'rfc2307'
net conf setparm global 'idmap config example : range' 
'400000000-499999999'
net conf setparm global 'idmap config example : ldap_server' 'stand-alone'
net conf setparm global 'idmap config example : bind_path_user' 
'ou=People,dc=example,dc=com'
net conf setparm global 'idmap config example : bind_path_group' 
'ou=Group,dc=example,dc=com'
net conf setparm global 'idmap config example : ldap_url' 
'ldap://ldap.example.com'
net conf setparm global 'idmap config example : ldap_user_dn' 
'cn=manager,dc=example,dc=com'
net conf setparm global 'ldap ssl' no
net idmap secret example secret

Regards,

Christof Schmitt || IBM || SONAS System Development || Tucson, AZ
christof.schmitt at us.ibm.com  ||  +1-520-799-2469  (T/L: 321-2469)

More information about the samba-technical mailing list