[Samba] idmap_nss needed together with idmap_ldap?

Alexander 'Leo' Bergolth leo at strike.wu-wien.ac.at
Mon Mar 9 21:36:52 GMT 2009


In my samba controlled domain, most users are stored in an LDAP
directory. The Unix boxes use nss_ldap but they also have a few local
users (mostly system-users) whose user-ids are not synchronized.

I've read the documentation about idmap_nss but I'm still not sure if
this is needed for my setup.
Will using idmap_nss in addition to idmap_ldap result in any benefit
(e.g. when mapping local, non-ldap unix users)?

I am thinking of a setup like:
-------------------- 8< --------------------
idmap domains = NSS TRUSTEDDOMAINS

# <is this needed?>
idmap config NSS:backend  = nss
idmap config NSS:readonly = yes
# </is this needed?>

idmap config TRUSTEDDOMAINS:default  = yes
idmap config TRUSTEDDOMAINS:backend  = ldap
idmap config TRUSTEDDOMAINS:readonly = no
idmap config TRUSTEDDOMAINS:ldap_url = ldap://
idmap config TRUSTEDDOMAINS:range    = 16777216-33554431

idmap alloc backend                  = ldap
idmap alloc config:ldap_url          = ldap://
idmap alloc config:range             = 16777216-33554431
-------------------- 8< --------------------

e-mail   ::: Leo.Bergolth (at) wu-wien.ac.at
fax      ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria

More information about the samba mailing list