[Samba] [obnox at samba.org: 3.6:idmap:Q2: get rid of (all/most) idmap alloc parameters for idmap_ldap ?]

Christopher Chan christopher.chan at bradbury.edu.hk
Sun Nov 28 20:18:18 MST 2010

Hi Michael,

I, for one, am using config alloc because that is how things were done 
on 3.0.xx before I migrated data to a new box that uses 3.5.4. I do not 
care very much about the configuration changes. But I beg you that 
documentation regarding idmap_ldap is updated including how idmap_ldap 

I had issues getting the configuration in 3.5.x to a state where I could 
run wbinfo --set-* successfully and I still have an outstanding issue 
where new accounts created in AD are not being automatically mapped by 
winbind and I have to manually create these mappings.

> In my idmap rewrite, I kept the alloc related parameters for the
> LDAP idmap backend for now:
> - idmap alloc config : ldap_url
> - idmap alloc config : ldap_base_dn
> - idmap alloc config : ldap_user_dn
> and the related idmap alloc secret.
> I would like to get rid of these.

Be my guest. I don't care so long as these changes are documented so 
that people will know what is going on. This will be the second time 
that I will have had to fight with changes in idmap ldap related 
configuration without notice.

> Therefore, I am asking here, if there is
> anyone out there using these?
> I can not imagine a reason why one would
> want to use different server and/or user+password
> for storing the uid/gid counter.

Right now there is nothing that actually explains to me what idmap_ldap 
does and so I don't have a clue as to what you are talking about.

> The only option that I would attest a certain, though minimal,
> right to exist is the ldap_base_dn. But usually, it should
> imho be ok to store the uid/gid counter in the same location
> as the mappings.
> So, again: Are these options needed/used at all?

There is an awful lot of 'documentation' out there detailing the use of 
alloc. People go nuts just figuring out how to do winbind + ldap.

> Or can I remove them for 3.6.0 ?

Be my guest! Just update/provide documentation!

> Cheers - Michael
> Note: If we need to keep any of the options, the current form
> (idmap alloc config :<option>  = ...) would reference
> the default config, but my idmap rewrite would enable us
> to set these on a per-domain basis, which would call
> for options like this "idmap config DOMAIN : alloc_<option>")
> ----- End forwarded message -----

