[PATCH] New idmap module idmap_rfc2307

Andrew Bartlett abartlet at samba.org
Fri Jun 22 16:37:30 MDT 2012 

On Fri, 2012-06-22 at 12:10 +0200, steve wrote:
> On 21/06/12 22:37, Christof Schmitt wrote:
> > steve<steve at steve-ss.com>  wrote on 06/21/2012 11:28:54 AM:
> >
> >> On 06/21/2012 06:14 PM, Christof Schmitt wrote:
> >>> yes, this will still be ok when the patches are applied. Nothing will
> >>> change unless you enable the new id mapping modules in the config. You
> >>> would enable it with the idmap parameter:
> >>>
> >>> idmap config DOMAIN : backend = rfc2307
> >>>
> >>> This module would allow you to also use the records in the LDAP
> >>> directory for the Samba id mapping. See the patch that adds the
> >>> manpage for some details how to enable and configure it.
> >>>
> >>> Regards,
> >> Hi Christoph
> >> Actually that is what we want. Under nfs for our Linux clients,
> >> everything comes from the directory. Under s3fs, uidNumber and gidNumber
> >
> >> still have to come from idmap. I think your patch will allow s3fs to
> >> also pull uidNumber:gidNumber from the directory if they are already
> >> there. Have I got thhat right?
> >
> > I have not explicitly tested with s3fs, i am still using a setup
> > without s3fs.
> >
> > And yes, it gets the id mapping by looking at the uidNumber and
> > gidNumber in the LDAP records.
> >
> >> I shall surely look at the manpage patch but could you tell me if
> >>
> >> idmap config DOMAIN : backend = rfc2307
> >>
> >> goes into smb.conf global section?
> >
> > Yes, it goes in the global section. This is the setup i used for
> > testing with a stand-alone LDAP server:
> >
> 
> Hi Christof
> I just tested the
> idmap config DOMAIN : backend = rfc2307
> on the latest git from today.
> 
> Under s3fs it doesn't seem to work. If a user creates a file in windows, 
> the uidNumber and gidNumber come from idmap, not from the directory.
> 
> Under NFS on Linux clients everything works fine. All the rfc2307 
> classes and attributes are exactly those set in the s4 LDAP directory, 
> pulled via nss.
> 
> Maybe I have missed something?

s3fs and the Samba4 DC use a different winbindd implementation to the
one that Christof is patching.  For that reason, these patches simply
won't have any benefit for you on the Samba4 DC.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list