rfc2307 and role of idmap.ldb

Gémes Géza geza at kzsdabas.hu
Wed Jul 17 06:25:50 MDT 2013

On 2013-07-17 13:00, steve wrote:
> On Wed, 2013-07-17 at 12:21 +0200, Gémes Géza wrote:
>> Hi,
>> Is idmap.ldb (4.0.7 AD DC) in use if all entries (users and groups) have
>> posix attributes in AD?
>> I'm asking that because I plan to share the sysvol folder between DCs
>> using a cluster file system (ocfs2) but with different idmap.ldb entries
>> that could become a maintenance nightmare.
>> Cheers
>> Geza Gemes
> Hi Géza hi everyone
> I know by testing that any user or group you add after provision can be
> safely removed from idmap.ldb if you have his rfc2307 entries in AD and
> you have idmap_ldb:use rfc2307 = Yes in smb.conf. You once told me to
> keep it for the special objects that were created just after provision
> e.g. the 3000000 to 30000002 range that are used for sysvol. I too
> really would like to lose idmap.ldb and so would like to know the
> official answer. The one problem which comes to mind is the auto
> increment object which stores the next free xidNumber
> Cheers,
> Steve
I agree that the best would be to get rid of it, but until then the
question is: can it be safely shared between DCs, do they write to it at 
all, or could the version of one be copied to the other (do an ntacl 
sysvolreset on the target) and done?


Geza Gemes
