LDAP Synchronization

Andrew Bartlett abartlet at samba.org
Fri Jun 22 16:46:24 MDT 2012

On Fri, 2012-06-22 at 17:09 +1000, Robert Colquhoun wrote:

> Finally idmap....we have environment with lots of unix applications
> which depend on consistent uid and gid mapping for each user and
> group.  To get this working first had to write ldbmodify scripts to
> fix idmap.ldb so that the entries present in there were consistent
> with currently installed Openldap system.  "samba-tool user create"
> did not seem to have the ability to manually specify these values when
> creating/synchronizing users from the existing openldap system.
> Secondly once above was done realized had to create a separate idmap
> OU in the current openldap system for samba3 winbind to use on each of
> the fileservers.  I am nervous that the different idmap systems
> between samba 3, samba 4 and the original openldap (where uid/gid is
> stored rfc2307) will become inconsistent and cause problems (i.e. users
> and/or applications will lose access to their files).

See the new parameter 'idmap_ldb:use rfc2307 = yes' so you can use the
uidNumber and gidNumber values in the Samba4 directory.  The new
samba-tool domain classicupgrade populates these during the upgrade.

Patches to allow this to be specified during samba-tool user create are

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
