[Samba] idmap LDAP backend

Theodore Jencks tjencks at navis.com
Mon Mar 21 19:30:14 GMT 2005


Figured this out a little further:

I had the following in my smb.conf:
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap backend = ldap:ldap://localhost
ldap admin dn = cn=manager,dc=navis,dc=net
ldap suffix = "ou=smb,dc=navis,dc=net"
ldap idmap suffix = "ou=idmap"

I took the quotes off and now Winbind seems to connect to LDAP fine:
ldap suffix = ou=smb,dc=navis,dc=net
ldap idmap suffix = ou=idmap


I'm now getting this when I start Winbind in the Winbind log:
[2005/03/21 11:16:25, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /var/lock/samba/gencache.tdb
[2005/03/21 11:16:25, 5] libsmb/namecache.c:namecache_enable(58)
  namecache_enable: enabling netbios namecache, timeout 660 seconds
[2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'ldap'
[2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'tdb'
[2005/03/21 11:16:25, 3] sam/idmap.c:idmap_init(132)
  idmap_init: using 'ldap' as remote backend
[2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => [ou=idmap,ou=smb,dc=navis,dc=net], filter =>
[(objectclass=sambaUnixIdPool)], scope => [2]
[2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_close(949)
  The connection to the LDAP server was closed
[2005/03/21 11:16:25, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/21 11:16:26, 3] lib/smbldap.c:smbldap_connect_system(866)
  ldap_connect_system: succesful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2005/03/21 11:16:26, 4] lib/smbldap.c:smbldap_open(929)
  The LDAP server is succesfully connected
[2005/03/21 11:16:26, 2] lib/tallocmsg.c:register_msg_pool_usage(57)
  Registered MSG_REQ_POOL_USAGE
[2005/03/21 11:16:26, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2005/03/21 11:16:26, 2]
nsswitch/winbindd_util.c:add_trusted_domain(175)
  Added domain HQ HQ.NAVIS.NET S-0-0
[2005/03/21 11:16:26, 4]
passdb/secrets.c:secrets_fetch_trust_account_password(290)
  Using cleartext machine password


However, I still think there is a problem because getent passwd only
returns local usernames.  When I'm not using the ldap idmap backend
getent passwd runs as expected giving both local and domain usernames.

Any help appreciated,
Theo


-----Original Message-----
From: samba-bounces+tjencks=navis.com at lists.samba.org
[mailto:samba-bounces+tjencks=navis.com at lists.samba.org] On Behalf Of
Theodore Jencks
Sent: Monday, March 21, 2005 9:52 AM
To: samba at lists.samba.org
Subject: RE: [Samba] idmap LDAP backend

Ok, I made the change; however, the LDAP backend for idmap is still not
working.  I set Winbind to debugging level 5 and get the following in
the logs:

[2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.192.112 bcast=192.168.195.255
nmask=255.255.252.0
[2005/03/21 09:45:05, 5] lib/util.c:init_names(256)
  Netbios name list:-
  my_netbios_names[0]="THEO"
[2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.192.112 bcast=192.168.195.255
nmask=255.255.252.0
[2005/03/21 09:45:05, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /var/lock/samba/gencache.tdb
[2005/03/21 09:45:05, 5] libsmb/namecache.c:namecache_enable(58)
  namecache_enable: enabling netbios namecache, timeout 660 seconds
[2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'ldap'
[2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'tdb'
[2005/03/21 09:45:05, 3] sam/idmap.c:idmap_init(132)
  idmap_init: using 'ldap' as remote backend
[2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => ["ou=idmap","ou=smb,dc=navis,dc=net"], filter
=> [(objectclass=sambaUnixIdPool)], scope => [2]
[2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_close(949)
  The connection to the LDAP server was closed
[2005/03/21 09:45:05, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/21 09:45:05, 3] lib/smbldap.c:smbldap_connect_system(866)
  ldap_connect_system: succesful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2005/03/21 09:45:05, 4] lib/smbldap.c:smbldap_open(929)
  The LDAP server is succesfully connected
[2005/03/21 09:45:05, 0] sam/idmap.c:idmap_init(138)
  idmap_init: failed to initialize remote backend!


Looks like it tries to get what are called paged results and then it
fails to initialize remote backend.  I'm not quite sure what is going on
here and any further guidance would be greatly appreciated.

Thanks in advance,
Theo

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org] 
Sent: Friday, March 18, 2005 7:18 AM
To: Theodore Jencks
Cc: samba at lists.samba.org
Subject: Re: [Samba] idmap LDAP backend


Theodore Jencks wrote:

| ldap idmap suffix = "ou=idmap,ou=smb,dc=navis,dc=net"
| ldap suffix = "ou=smb,dc=navis,dc=net"


change this to

	ldap suffix = "ou=smb,dc=navis,dc=net"
	ldap idmap suffix = "ou=idmap"



cheers, jerry
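
An added example, not part of the original messages and not Samba code: a small Python check over winbindd debug-level-5 log text that flags the symptom seen in this thread, a smbldap_search base containing literal quote characters, together with the idmap_init failure. The function name and the loose DN pattern are assumptions of the example; the sample lines are copied from the two log excerpts in the thread.

```python
import re

# Matches the search base that smbldap_search logs at debug level 5.
BASE_RE = re.compile(r"smbldap_search: base => \[(.*?)\],\s*filter")
FAIL_RE = re.compile(r"idmap_init: failed to initialize remote backend")
# Loose shape check for a DN: comma-separated attr=value pairs
# (an assumption of this example, not a full RFC 4514 parser).
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,=\"]+(,[A-Za-z][\w-]*=[^,=\"]+)*$")

def check_winbind_log(text):
    """Return a list of (severity, message) findings for a winbindd log excerpt."""
    flat = re.sub(r"\s*\n\s*", " ", text)  # undo mail/terminal line wrapping
    findings = []
    for base in BASE_RE.findall(flat):
        if '"' in base:
            findings.append(("error", f"search base contains literal quotes: {base}"))
        elif not DN_RE.match(base):
            findings.append(("error", f"search base is not a plain DN: {base}"))
        else:
            findings.append(("ok", f"search base looks like a DN: {base}"))
    if FAIL_RE.search(flat):
        findings.append(("error", "idmap remote backend failed to initialize"))
    return findings

# Log lines copied from the two excerpts in this thread.
QUOTED_CONF_LOG = """\
[2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => ["ou=idmap","ou=smb,dc=navis,dc=net"], filter
=> [(objectclass=sambaUnixIdPool)], scope => [2]
[2005/03/21 09:45:05, 0] sam/idmap.c:idmap_init(138)
  idmap_init: failed to initialize remote backend!
"""
UNQUOTED_CONF_LOG = """\
[2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => [ou=idmap,ou=smb,dc=navis,dc=net], filter =>
[(objectclass=sambaUnixIdPool)], scope => [2]
"""

if __name__ == "__main__":
    for name, log in (("quoted", QUOTED_CONF_LOG), ("unquoted", UNQUOTED_CONF_LOG)):
        for severity, message in check_winbind_log(log):
            print(f"{name}: {severity}: {message}")
```
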