[Samba] Transfer winbind idmap to LDAP

Marcel de Riedmatten mdr at dotforge.ch
Wed Nov 17 17:23:46 GMT 2004

Le sam 13/11/2004 à 12:36, Paul Coray a écrit :
> Marcel de Riedmatten wrote:
> > Le mer 10/11/2004 à 11:21, Paul Coray a écrit :
> > 

> > 
> > 1) get the winbind-idmap in text form with a getent passwd for example
> I did that with # net idmap dump winbindd_idmap.tdb > 
> /tmp/winbindd_idmap.dump on the member server. the resulting file looks 
> like:
> ...
> UID 10013 S-1-5-21-98201057-1281969052-1085559986-1608
> UID 10202 S-1-5-21-98201057-1281969052-1085559986-1436
> UID 10138 S-1-5-21-98201057-1281969052-1085559986-1011
> UID 10105 S-1-5-21-98201057-1281969052-1085559986-1418
> UID 10067 S-1-5-21-98201057-1281969052-1085559986-1137
> ...

Actualy you want this information on the following form


This is because smbldap-useradd doesn't know about SID. The vampire use
it only for the posix part of the account. Again a getent passwd with
the unusefull line removed will do the trick.

> > 
> > 3) hack the script defined under "user add script" who will be adding
> > the users to use the information of 1). With the ldap backend this is
> > usually smbldap-useradd .
> Well, I'd like to, but my knowledge of Perl is still too limited :-( So 
> if any body can help, I think I'm not the only one who would appreciate 
> highly! Another way would be to modify the IDs of each user and Group in 
> LDAP after the vampire process.

I have had an other idea. You can just populate the posix account before
running the vampire according to the data you got under 1). The vampire
check if the account exist and if it exist smbldap-useradd is not
called. You can populate with the following script:

while read STRING ; do
  #echo $STRING
  UIDName=$(echo $STRING | cut -d : -f1)
  UIDNumber=$(echo $STRING | cut -d : -f3)
  GIDNumber=$(echo $STRING | cut -d : -f4)
  echo "Creating Account: $UIDName $UIDNumber $GIDNumber "
  $USERADD  -u $UIDNumber  -g $GIDNumber  $UIDName

call it populate.sh and do

# ./populate.sh < myaccountlistfile 

Depending of your data you might need something similar for your groups.


Marcel de Riedmatten

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message
	=?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?=
Url : http://lists.samba.org/archive/samba/attachments/20041117/b0302b30/attachment.bin

More information about the samba mailing list