[Samba] winbind rfc2307 mapping not "correct"
Neal A. Lucier
nlucier at math.purdue.edu
Thu Aug 3 17:59:42 GMT 2006
Gautier, B (Bob) wrote:
> ] On Behalf Of Neal A. Lucier
>>
>>IMHO the option "winbind nss info = rfc2307" does not fully
>>conform to the rfc2307 spec to generate user and group data
>>and is thus "incorrect".
>>...
>
>
> You make some interesting points, but some (much?) of the existing
> idmap_ad behaviour makes it fit quite naturally into an (ok, my)
> existing AD environment.
>
The problem is I don't have an existing AD environment. I have an
existing POSIX environment, that I am trying to map into AD in such a
way that samba can then map it back to the POSIX enivornment.
> Won't 'idmap backend = ldap' give you the functionality you are asking
> for? (Especially if you set it up to query the GC?)
>
It is my understanding that 'idmap backend = ldap' does not query the
ldap server expecting to find mappings between SID and UID that were not
made by idmap, but rather uses an ldap backend to store the internal
mappings that idmap is performing. Essentially instead of having a
idmap.tdb file, you have an ou in your ldap directory for multiple samba
servers to share.
Neal
More information about the samba
mailing list