rfc2307 and role of idmap.ldb

steve steve at steve-ss.com
Wed Jul 17 05:00:40 MDT 2013

On Wed, 2013-07-17 at 12:21 +0200, Gémes Géza wrote:
> Hi,
> Is idmap.ldb (4.0.7 AD DC) in use if all entries (users and groups) have 
> posix attributes in AD?
> I'm asking that because I plan to share the sysvol folder between DCs 
> using a cluster file system (ocfs2) but with different idmap.ldb entries 
> that could become a maintenance nightmare.
> Cheers
> Geza Gemes

Hi Géza, hi everyone,
I know by testing that any user or group you add after provision can be
safely removed from idmap.ldb if you have his rfc2307 entries in AD and
you have idmap_ldb:use rfc2307 = Yes in smb.conf. You once told me to
keep it for the special objects that were created just after provision
e.g. the 3000000 to 30000002 range that are used for sysvol. I too
really would like to lose idmap.ldb and so would like to know the
official answer. The one problem which comes to mind is the auto
increment object which stores the next free xidNumber.
