[Samba] re Trouble with idmap_ldap in 3.3.6

Charles Weber chaweber at gmail.com
Mon Aug 3 10:18:59 MDT 2009 

I took your comment to mean
change this:
idmap backend =  "ldap:ldap://x.x.x" "ldap:ldap://y.x.x"
to this:
idmap backend =  "ldap:ldap://x.x.x ldap:ldap://y.x.x"

Did not make any difference.

In fact I just added the quotes today to see if they made a difference.
all our production samba servers have no quotes in the ldap/idmap stanzas.

So I took off all quotes to revert to my known good. It does not work.

I then added the single set of double quotes to the idmap backend and that
does work.
So the answer is:

ldap admin dn = cn=Manager,dc=xxx,dc=xxx
ldap idmap suffix = ou=xxx
ldap suffix = dc=xxx,dc=xxx
ldap ssl = no
idmap backend =  "ldap:ldap://x.x.x ldap:ldap://y.x.x"

And ldap idmap works just fine for 3.3.7.

thanks,
chuck




On Mon, Aug 3, 2009 at 11:35 AM, William Jojo <w.jojo at hvcc.edu> wrote:

> Charles Weber wrote:
>
>> We also have been using samba 2 and 3 for years with ldap idmap.
>> This occurs whether I use sernet 3.3.7 rpms or build my own from
>> samba.org3.3.7 tgz.
>>
>> I increased logging and here is what I get in log.winbindd-idmap.
>>
>> [root at niairphome2 ~]# tail -f /var/log/samba/log.winbindd-idmap
>> [2009/08/03 10:46:24,  3] lib/module.c:do_smb_load_module(48)
>>  Error loading module '/usr/lib64/samba/idmap/"ldap.so':
>> /usr/lib64/samba/idmap/"ldap.so: cannot open shared object file: No such
>> file or directory
>> [2009/08/03 10:46:24,  3] winbindd/idmap.c:idmap_init_domain(307)
>>  Could not probe idmap module "ldap
>> [2009/08/03 10:46:24,  3] winbindd/idmap.c:idmap_new_mapping(670)
>>  no default domain, no place to write
>>
>>
>> This is using CentOS 5.3 and the old style ldap settings that work fine in
>> samba 3.03x and samba 3.2.x.
>>
>> ldap admin dn = "cn=Manager,dc=xxx,dc=xxx"
>> ldap idmap suffix = "ou=xxx"
>> ldap suffix = "dc=xxx,dc=xxx"
>> ldap ssl = no
>> idmap backend =  "ldap:ldap://x.x.x" "ldap:ldap://y.x.x"
>>
>>
>
> One set of quotes in the above. That should fix the problem.
>
>
> Cheers,
> Bill
>
>
>
>  idmap uid = 15000-110000
>> idmap gid = 15000-110000
>>
>> I tried the new idmap alloc syntax and it made no difference.
>> ldap.so does exist in /usr/lib64/samba/idmap/, but of course "ldap.so does
>> not.
>>
>> Chuck
>>
>>
>
>

More information about the samba mailing list