[Samba] Configuring idmap backends

Jayson Hurst swazup at gmail.com
Thu Apr 5 15:22:23 MDT 2012

I am playing with samba 3.6 and am wondering what is the best method for
configuring an LDAP idmap backend?

I would like my system to work with local users, AD users, and AD
users that already have unix attributes.

I also have multiple trusted domains. So users could be cross-forest or

Would something like the following work for this setup?

  ldap admin dn = CN=IdmapAdmin

  idmap config * : range = 1 - 1000
  idmap config * : backend = tdb

  idmap config ALLDOMAINS : backend = ldap
  idmap config ALLDOMAINS : range = 1001-2147483647
  idmap config ALLDOMAINS : ldap_url = ldap://localhost
  idmap config ALLDOMAINS : read only = yes

Is ALLDOMAINS a valid entry to say "all trusted domains" or do I need to
list each and every trusted domain in a separate idmap config?

Also, is the ldap admin dn a global setting that will work with the idmap
backend when set to ldap, or do I also need to set

 idmap config ALLDOMAINS : ldap_user_dn = CN=IdmapAdmin
