[Samba] move to Idmap with ldap

Caleb O'Connell caleb at privacyassociation.org
Thu Nov 10 10:59:47 MST 2011

I have a functioning samba & ldap setup.  I'm using smbldap-tools and I want 
to move to using Idmap as a backend.

Currently Ldap looks like:

-- --uid=name$,ou=Computers,dc=domain,dc=org

-- --cn=group,ou=Groups,dc=domain,dc=org


-- --uid=name,ou=Users,dc=domain,dc=org

Currently Idmap is empty, and all the other entries hold computer accounts, 
user accounts and group listings as expected.

I have all the built in accounts in Users and Groups.
Looking at the configs on the samba wiki for Idmap, it doesn't look like I 
have to do much to move over.

What goes in the Idmap container? do I have to move the users, computer and 
groups under that entry?  Do new users get created within that container?

I couldn't find a howto for specifically what I'm looking for.

Any advice would be great, thanks.

More information about the samba mailing list