[Samba] LDAP Idmap

Mon Aug 9 09:59:17 GMT 2004

Hi,
at least you have to specify:

idmap backend = ldap:ldap://<host>
idmap uid = 10000-20000
idmap gid = 10000-20000

ldap idmap suffix = <suffix>
ldap admin dn = <admindn>
ldap suffix = <suffix>

you don't have to change the nsswitch if winbind is already in there

regards
odi

Am Freitag, 6. August 2004 13:51 schrieb Shannon Johnson:
> Thanks for the quick response... but I've already been there.
>
> As I said, I'm NOT looking for an LDAP PDC... I'm ONLY looking for LDAP
> idmap. There is no documentation on idealx.org for an LDAP idmap that
> does NOT include the PDC... nor is there much documentation anywhere
> else about it.
>
>
> ____________________________
>
> Shannon Johnson
> Network Support Specialist / Systems Administrator
> Dept. of Mechanical and Nuclear Engineering
> 224 Reber Building
> University Park, PA 16802
> Phone: (814) 865-8267
> ____________________________
>
> > -----Original Message-----
> > From: Christian.Wittmer at intercomponentware.com
> > [mailto:Christian.Wittmer at intercomponentware.com]
> > Sent: Friday, August 06, 2004 3:59 AM
> > To: Shannon Johnson; samba at lists.samba.org
> > Subject: Re: [Samba] LDAP Idmap
> >
> > "Shannon Johnson" <sjohnson at engr.psu.edu>
> > Sent by:
> > samba-bounces+christian.wittmer=intercomponentware.com at lists.samba.org
> > 05.08.2004 22:59
> >
> >
> >         To:     <samba at lists.samba.org>
> >         cc:
> >         Subject:        [Samba] LDAP Idmap
> >
> > Hi shannon,
> >
> > a good start you'll find at www.idealx.org. There is a very good docu
>
> on
>
> > how to setup samba3-LDAP.
> > If you then running into problems.
> > ask the list.
> >
> > Chris
> >
> >
> >
> > I'm having quite a bit of trouble getting an LDAP directory set up for
> > the idmap backend for winbind. I've been working on it for quite a
> > while, and haven't found any very helpful websites or anything. I've
> > found quite a bit on how to set up a PDC using LDAP, which would be
> > nice, but I already have the PDC... I just need LDAP to host UID's and
> > GID's. The things I'd like to know are:
> >
> > 1.               What should the rootdn, suffix, and indexes be in the
> > slapd.conf? I think that the rootdn needs to match what I put in the
> > smb.conf for the "ldap admin dn", and I'm fairly sure the suffix needs
> > to match the "ldap suffix" from the smb.conf... I don't have any idea
> > about the indexes.
> > 2.               What needs to be in the ldif file to create the
>
> directory
>
> > properly? I've tried several that I've found online, both from the
>
> Samba
>
> > 3 By Example book, and lots of forum / mailing list posts. I'm not
>
> sure
>
> > if what I've tried has been correct, but it hasn't worked yet, and
>
> this
>
> > is one part I'm not sure about.
> > 3.               I think that once I get the first 2 things worked
>
> out, I
>
> > just
> > set about 6 things in my smb.conf (ldap suffix, ldap admin dn, idmap
> > backend (which should point to ldap:ldap://127.0.0.1, if the server is
> > running on the same machine, right?), ldap idmap suffix, idmap uid,
>
> and
>
> > idmap gid), enter my password from the "smbpasswd -w" command, and
>
> once
>
> > I restart winbind, it should automatically start filling up the
> > directory, right?
> > 4.               Once I get the server going and filled up with UID's
>
> and
>
> > GID's,
> > for the clients, am I correct in saying that I alter the smb.conf to
> > include the ldap suffix, ldap admin dn, idmap backend, ldap idmap
> > suffix, idmap uid, and idmap gid, then again enter my password via
> > smbpasswd -w, change /etc/nsswitch.conf to be "passwd files ldap"
> > instead of "passwd files winbind", and it should work?
> >
> > This isn't documented very well anywhere, so I'd appreciate any hints
>
> or
>
> > suggestions anybody might have...
> >
> > Shannon
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba