[Samba] LDAP IDMAP not working

Andrew Bartlett abartlet at samba.org
Mon Nov 10 21:35:11 GMT 2003


On Tue, 2003-11-11 at 00:08, ww m-pubsyssamba wrote:
> Hi all,
> 
> 	Anyone able to point out why I'm not able to get Samba 3.0.0 to update my LDAP server with any idmap data? I'm using SunOne DS 5.2 LDAP server and the following entries in my smb.conf file:
> 
> 	ldap admin dn = "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot"
> 	ldap ssl = off
> ;	ldap suffix = "dc=testlan,dc=bbc,dc=co,dc=uk"	** have tried with this attribute on and off **
>              winbind separator = +
>              winbind cache time = 10
>              template shell = /bin/sh
>             ; template homedir = /home/%D/%U
> 	     idmap backend = ldap:ldap://bbcwwp-sun24.testlan.bbc.co.uk:389
> 	     ldap idmap suffix = ou=idmap,dc=testlan,dc=bbc,dc=co,dc=uk
> 	     ldap group suffix = ou=idmap,dc=testlan,dc=bbc,dc=co,dc=uk
> 	     ldap user suffix = ou=idmap,dc=testlan,dc=bbc,dc=co,dc=uk
> 	     ldap machine suffix = ou=idmap,dc=testlan,dc=bbc,dc=co,dc=uk
>              idmap uid = 10000-20000
>              idmap gid = 10000-20000
> 	winbind enum users = yes
> 	winbind enum groups = yes
> 
> I've successfully updated the schema with the Samba bits and have tested the admin account specified in the smb.conf using ldapsearch. I've created both a root and admin account using smbpasswd with the correct password for the admin account (I wasn't clear which account should be used from the Samba documentation). But my idmap OU is empty, and to be honest I can't even see any attempts to access the LDAP server from its access logs (excepting when testing using ldapsearch). Any help would be appreciated.

Is that the whole smb.conf?  When Samba is a DC, or a standalone server,
it doesn't use IDMAP for local accounts.  (Something that changed over
the course of the idmap design and implementation.)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
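
The check the reply points at, as an added example that is not part of the original thread and is not Samba's own code: it reads the `[global]` parameters of an smb.conf and reports whether the server is configured as a domain member, the case in which winbind would write idmap entries. The role heuristic (derived only from `security` and `domain logons`, with `security = user` as the default), the function names, and the trimmed sample fragment are assumptions of this example.

```python
import re

# Constructed sample: a trimmed copy of the posted fragment, which has no
# "security" or "domain logons" line and no section header.
POSTED_FRAGMENT = """\
ldap admin dn = "uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot"
ldap ssl = off
; ldap suffix = "dc=testlan,dc=bbc,dc=co,dc=uk"
winbind separator = +
idmap backend = ldap:ldap://bbcwwp-sun24.testlan.bbc.co.uk:389
ldap idmap suffix = ou=idmap,dc=testlan,dc=bbc,dc=co,dc=uk
idmap uid = 10000-20000
idmap gid = 10000-20000
"""

def global_params(text):
    """Collect [global] parameters; names are matched ignoring case and spaces."""
    params, section = {}, "global"  # lines before any header count as global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip().strip('"')
    return params

def server_role(params):
    """Simplified role heuristic (an assumption of this example)."""
    security = params.get("security", "user").lower()
    logons = params.get("domainlogons", "no").lower() in ("yes", "true", "on", "1")
    if logons:
        return "domain controller"
    if security in ("domain", "ads"):
        return "domain member"
    return "standalone"

def idmap_expected(params):
    """Per the reply: a DC or standalone server does not use IDMAP for local accounts."""
    return server_role(params) == "domain member" and "idmapbackend" in params

if __name__ == "__main__":
    p = global_params(POSTED_FRAGMENT)
    print(server_role(p), "- idmap writes expected:", idmap_expected(p))
```
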