[Samba] [obnox at samba.org: 3.6:idmap:Q2: get rid of (all/most) idmap alloc parameters for idmap_ldap ?]
christopher.chan at bradbury.edu.hk
Sun Nov 28 20:18:18 MST 2010
I, for one, am using config alloc because that is how things were done
on 3.0.xx before I migrated data to a new box that uses 3.5.4. I do not
care very much about the configuration changes. But I beg you that
documentation regarding idmap_ldap is updated including how idmap_ldap
I had issues getting the configuration in 3.5.x to a state where I could
run wbinfo --set-* successfully and I still have an outstanding issue
where new accounts created in AD are not being automatically mapped by
winbind and I have to manually create these mappings.
> In my idmap rewrite, I kept the alloc related parameters for the
> LDAP idmap backend for now:
> - idmap alloc config : ldap_url
> - idmap alloc config : ldap_base_dn
> - idmap alloc config : ldap_user_dn
> and the related idmap alloc secret.
> I would like to get rid of these.
Be my guest. I don't care so long as these changes are documented so
that people will know what is going on. This will be the second time
that I will have had to fight with changes in idmap ldap related
configuration without notice.
> Therefore, I am asking here, if there is
> anyone out there using these?
> I can not imagine a reason why one would
> want to use different server and/or user+password
> for storing the uid/gid counter.
Right now there is nothing that actually explains to me what idmap_ldap
does and so I don't have a clue as to what are you talking about.
> The only option that I would attest a certain, though minimal,
> right to exist is the ldap_base_dn. But usually, it should
> imho ok to store the uid/gid counter in the same location
> as the mappings.
> So, again: Are these options needed/used at all?
There is an awful lot of 'documentation' out there detailing the use of
alloc. People go nuts just figuring out how to do winbind + ldap.
> Or can I remove them for 3.6.0 ?
Be my guest! Just update/provide documentation!
> Cheers - Michael
> Note: If we need to keep any of the options, the current form
> (idmap alloc config :<option> = ...) would reference
> the default config, but my idmap rewrite would enable us
> to set these on a per-domain basis, which would call
> for options like this "idmap config DOMAIN : alloc_<option>")
> ----- End forwarded message -----
More information about the samba