[Samba] Winbind uselessly using up Idmap range in ldap

Alex Crow acrow at integrafin.co.uk
Tue Jan 18 04:08:53 MST 2011

On 17/01/11 16:33, Gaiseric Vandal wrote:
> I started on samba 3.0.x and upgrades to 3.4.x.    Still having only 
> partial success myself.    I have different "ou" objects in ldap for 
> the allocation range and each trusted domain .
> My smb.conf (editted somewhat) is below.
> I would that the idmapping would be created in the correct OU for each 
> domain.  I also found that the idmap id would be allocated from the 
> "idmap alloc config" range, regardless of the range specified for the 
> particular domain.     So  the an idmap entry would be created for the 
> TRUSTEDOMAIN1 in the ou=trusteddomain container but with a UID in the 
> 30000 range not the 40000 range.
> Not sure if this provides any insight.


This is what sernet told me:

I had a lengthy discussion with the developer, who did (actually still does)
the rewrite of the idmap code for 3.6 which is urgently needed. It turns out
that there are much more limitations in the current code base than I thought.
Actually allocation can only be done by a single idmap backend and that is the
default backend.

So, it seems that idmap alloc backend cannot be used any more. I am 
using the default backend as suggested here.



This message is intended only for the addressee and may contain
confidential information.  Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.

"Transact" is operated by Integrated Financial Arrangements plc
Domain House, 5-7 Singer Street, London  EC2A 4BQ
Tel: (020) 7608 4900 Fax: (020) 7608 5300
(Registered office: as above; Registered in England and Wales under number: 3727592)
Authorised and regulated by the Financial Services Authority (entered on the FSA Register; number: 190856)

More information about the samba mailing list