[Samba] My lack of understanding of idmap

Alexander E. Patrakov patrakov at ums.usu.ru
Fri Aug 13 15:51:09 GMT 2004


Hello,

I don't completely understand the BDC setup as described in Chapter 6 
of The Official Samba-3 HOWTO and Reference Guide.

The reason is that the example setup uses the LDAP idmap backend. For 
simplicity, the solution is discussed when both PDC and BDC use a Single 
Central LDAP Server. (I have never experimented with BDCs before, but 
have already set up an LDAP-backed PDC).

As I understand, LDAP is used there for two purposes. First, the account 
database is there (typically, in sambaSamAccounts under 
ou={People,Computers},dc=example,dc=com, and in sambaGroupMappings under 
ou=Groups,dc=example,dc=com). Second, the mapping between SIDs, uids and 
gids is stored under ou=Idmap,dc=example,dc=com in sambaIdmapEntries and 
sambaSidEntries. Right?

However, it also looks possible to store posix account information in 
posixAccounts under ou={People,Computers},dc=example,dc=com, as in fact 
many tools (LAM and those from IDEALX) do. Does it really work in a PDC 
+ BDC setup?

Are those two methods of storing uids and gids really mutually 
exclusive, as I suspect? What are the benefits and drawbacks of each?

Do I really need to set up idmap things and run winbindd if I want to 
keep posix information in posixAccounts?

Thanks in advance,

-- 
Alexander E. Patrakov


