[PATCH] New idmap module idmap_rfc2307

steve steve at steve-ss.com
Sat Jun 23 00:51:15 MDT 2012 

On 06/23/2012 12:37 AM, Andrew Bartlett wrote:
> On Fri, 2012-06-22 at 12:10 +0200, steve wrote:
>> On 21/06/12 22:37, Christof Schmitt wrote:
>>> steve<steve at steve-ss.com>  wrote on 06/21/2012 11:28:54 AM:
>>>
>>>> On 06/21/2012 06:14 PM, Christof Schmitt wrote:
>>>>> yes, this will still be ok when the patches are applied. Nothing will
>>>>> change unless you enable the new id mapping modules in the config. You
>>>>> would enable it with the idmap parameter:
>>>>>
>>>>> idmap config DOMAIN : backend = rfc2307
>>>>>
>>>>> This module would allow you to also use the records in the LDAP
>>>>> directory for the Samba id mapping. See the patch that adds the
>>>>> manpage for some details how to enable and configure it.
>>>>>
>>>>> Regards,
>>>> Hi Christoph
>>>> Actually that is what we want. Under nfs for our Linux clients,
>>>> everything comes from the directory. Under s3fs, uidNumber and gidNumber
>>>> still have to come from idmap. I think your patch will allow s3fs to
>>>> also pull uidNumber:gidNumber from the directory if they are already
>>>> there. Have I got thhat right?
>>> I have not explicitly tested with s3fs, i am still using a setup
>>> without s3fs.
>>>
>>> And yes, it gets the id mapping by looking at the uidNumber and
>>> gidNumber in the LDAP records.
>>>
>>>> I shall surely look at the manpage patch but could you tell me if
>>>>
>>>> idmap config DOMAIN : backend = rfc2307
>>>>
>>>> goes into smb.conf global section?
>>> Yes, it goes in the global section. This is the setup i used for
>>> testing with a stand-alone LDAP server:
>>>
>> Hi Christof
>> I just tested the
>> idmap config DOMAIN : backend = rfc2307
>> on the latest git from today.
>>
>> Under s3fs it doesn't seem to work. If a user creates a file in windows,
>> the uidNumber and gidNumber come from idmap, not from the directory.
>>
>> Under NFS on Linux clients everything works fine. All the rfc2307
>> classes and attributes are exactly those set in the s4 LDAP directory,
>> pulled via nss.
>>
>> Maybe I have missed something?
> s3fs and the Samba4 DC use a different winbindd implementation to the
> one that Christof is patching.  For that reason, these patches simply
> won't have any benefit for you on the Samba4 DC.
>
> Andrew Bartlett
>
Hi Andrew

Would it be possible at some stage to have a patch which allowed _all_ 
of rfc2307 to come from the directory and bypass idmap completely? It 
works using nss-ldapd for Linux over NFS. But not over s3fs.

IOW for s3fs, rfc2307 comes from the directory apart from uidNumber and 
gidNumber.

winbindd is not an option for us because of the limitation it imposes on 
unixHomeDirectory.

Cheers,
Steve

More information about the samba-technical mailing list