[Samba] idmap LDAP backend

Theodore Jencks tjencks at navis.com
Fri Mar 18 03:17:40 GMT 2005

I'm trying to use the LDAP backend for the idmap database, but I just
can't seem to get it to work.  The documentation out there on how to
implement this really is rather pathetic.  I've basically got my
LDAP server set up with an OU called smb and another OU under it called
idmap.  Here is my smb.conf file:




# Global settings for a Samba server that is a member of an Active Directory
# domain (security = ADS), with winbind resolving domain users and groups.
# NOTE(review): the section header, presumably [global], is not visible in
# this posting -- it looks like it was lost when the message was archived.
# Comments are kept on their own lines throughout because smb.conf has no
# trailing-comment syntax; text after a value becomes part of the value.
workgroup = HQ

server string = Theo's Samba Server

security = ADS

encrypt passwords = yes

load printers = no

log file = /var/log/samba/%m.log

max log size = 50

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

local master = no

domain master = no

dns proxy = no

wins server =

log level = 1

syslog = 0

# LDAP connections made by Samba are not encrypted. With the ldap://localhost
# backend configured below, the bind as the admin DN stays on the loopback
# interface. If the directory is ever moved to another host, switch to
# "ldap ssl = start tls" first so the admin credentials and the mappings do
# not cross the network in clear text.
ldap ssl = no


# Kerberos realm and the domain controller used for authentication.
realm = HQ.NAVIS.NET

password server = hqdc01.hq.navis.net

winbind cache time = 10

winbind use default domain = yes

client use spnego = yes

template primary group = "HQ+Domain Users"

template shell = /bin/bash

winbind separator = +

winbind nested groups = yes


# idmap options for mapping SID to Unix uid, gid
# The two ranges below are the pools winbind allocates from. Keep them
# disjoint from local accounts and from any uid/gid numbers already assigned
# in the directory; an overlap would hand a domain user the file ownership of
# an existing account.

idmap uid = 10000-20000

idmap gid = 10000-20000

# Store the SID <-> uid/gid mappings in the LDAP server on this host instead
# of the local tdb file.
idmap backend = "ldap:ldap://localhost"

# DN Samba binds as to read and write the idmap entries. The password for
# this DN is not set in smb.conf: Samba reads it from secrets.tdb, where it
# has to be stored with "smbpasswd -w".
# NOTE(review): the posting does not say whether that was done -- worth
# checking first, since without a stored password Samba has no credential to
# bind with.
# NOTE(review): cn=Manager is presumably the directory's root DN; a dedicated
# account with write access limited to the idmap suffix would follow least
# privilege -- confirm against the directory's ACLs.
ldap admin dn = "cn=Manager,dc=navis,dc=net"

# Container for the idmap entries. It is given here as a full DN that already
# ends in the ldap suffix.
# NOTE(review): confirm in the smb.conf man page for the installed version
# whether this value is expected relative to "ldap suffix" or as a full DN.
ldap idmap suffix = "ou=idmap,ou=smb,dc=navis,dc=net"

ldap suffix = "ou=smb,dc=navis,dc=net"


#============================ Share Definitions

# This one is useful for people to share files
# NOTE(review): the share's section header is not visible in this posting,
# presumably lost when the message was archived.


   comment = this is a test share

   path = /share/test

   read only = no

   # "public" is a synonym for "guest ok", so this line permits guest
   # connections, while "valid users" below restricts the share to one domain
   # group.
   # NOTE(review): the two settings express opposite intents. If only domain
   # users should get in, set this to "no" so that a later change to
   # "valid users" does not leave a guest-writable share.
   public = yes

   # "writable" is the inverted synonym of "read only"; this repeats the
   # "read only = no" line above.
   writable = yes

   printable = no

   browseable = yes

   # Only members of this domain group may connect. The "+" matches the
   # "winbind separator" set in the global settings.
   valid users = @"HQ+Domain Users"



All seems well with wbinfo, and things work fine when I'm not using the
LDAP backend.  Someone please help; this is driving me nuts!


Thanks in advance,



