LDAP Synchronization
Andrew Bartlett
abartlet at samba.org
Fri Jun 22 16:46:24 MDT 2012
On Fri, 2012-06-22 at 17:09 +1000, Robert Colquhoun wrote:
> Finally idmap....we have environment with lots of unix applications
> which depend on consistent uid and gid mapping for each user and
> group. To get this working first had to write ldbmodify scripts to
> fix idmap.ldb so that the entries present in there were consistent
> with currently installed Openldap system. "samba-tool user create"
> did not seem to have the ability to manually specify these values when
> creating/synchronizing users from the existing openldap system.
>
> Secondly once above was done realized had to create a separate idmap
> OU in the current openldap system for samba3 winbind to use on each of
> the fileservers. I am nervous that the different idmap systems
> between samba 3, samba 4 and the original openldap (where uid/gid is
> stored rfc2307) will become inconsistent and cause problems (i.e. users
> and/or applications will lose access to their files).
See the new parameter 'idmap_ldb:use rfc2307 = yes' so you can use the
uidNumber and gidNumber values in the Samba4 directory. The new
samba-tool domain classicupgrade populates these during the upgrade.
Patches to allow this to be specified during samba-tool user create are
welcome.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org