[Samba] User/Group HWM ignored when converting idmap from tdb to LDAP

[Erik Forsberg]

Hi!

I'm trying to convert my tdb-based idmap mapping to a LDAP-based
one. This generally works as intended, with one exception - the
highest uidNumber/gidNumber in use is not transferred, and this causes
duplicate use of the same uid/gidNumber.

Here's what I'm doing:

1) net idmap dump /var/cache/samba/winbindd_idmap.tdb > idmap.dump

2) Set idmap backend in smb.conf to ldap:ldap://myldapserver.

3) net idmap restore < idmap.dump, which gives me the following
output:

ignoring invalid line [USER HWM 10002]
ignoring invalid line [GROUP HWM 10008]
USER HWM: 10000  GROUP HWM: 10000

Now, the problem is that the uidNumber and gidNumber on the object in
the LDAP database with the sambaUnixIdPool object class are not set to
the highest values in use from idmap.dump, but instead to the low
value in the 'idmap uid' and 'idmap gid' ranges set in smb.conf.

When new user or group objects are added to the idmap database, the
values from the sambaUnixIdPool object will be used. This means that
if uidNumber on the sambaUnixIdPool is set to 10000, and there is
already a SID<->uidNumber mapping using uidNumber 10000, there will be
two different SID<->uidNumber mappings using uidNumber 10000.

Is this a bug, or am I doing something wrong? 

Regards,
\EF
-- 
Erik Forsberg                OpenSource-based Thin Client Technology
Systems Analyst/Developer    Phone: +46-13-21 46 00    
Cendio AB    	             Web: http://www.cendio.com