[Samba] samba4 DC, internal winbind_server: external idmap problem

Andy Igoshin ai at vsu.ru
Tue Dec 10 09:46:19 MST 2013


В Tue, 10 Dec 2013 13:45:18 +0100
steve <steve at steve-ss.com> пишет:
> On Sun, 2013-12-08 at 20:50 +0400, Andy Igoshin wrote:
> > On Sun, 08 Dec 2013 09:58:59 +0100
> > steve <steve at steve-ss.com> wrote:
> > > On Sun, 2013-12-08 at 01:08 +0400, Andy Igoshin wrote:  
> > > > On Sat, 07 Dec 2013 19:05:51 +0100
> > > > steve <steve at steve-ss.com> wrote:
> > > > 
> > 
> > yes, it works if i set 'idmap_ldb:use rfc2307 = yes' .
> > 
> > in our infrastructure there is an integration with windows AD.
> > user management works via ldap, passwords sync via patched ms ssod.
> > i can extend this integration in such way that
> > uidNumber/gidNumber/etc attributes are automatically added into
> > samba AD.
> > 
> > but when i started to play with samba4 i hoped it behaves
> > "more unix way". if to talk from the state where we are now then 
> > for instance something like
> > 'idmap_ldb:use sss = yes' (or use nss = yes ?)
> > 
> > i took a look at source4/winbind/idmap.c and also python code.
> > it seems it is rather easy to add 'idmap_ldb:use sss = yes'
> > functionality there. but here is the question - would it be samba way?
> > would samba team accept such patch?
> 
> Hi
> As from version 1.10, sssd includes its own (very nice) AD backend. I'm
> not sure what extra functionality you wish to code, save to say, the
> sssd config on the DC is already very straightforward as it is. I know
> that the devs are working hard to get winbind working on the DC too at
> the moment; it's on their roadmap for the next version I think. You
> could ask about your proposed sss code on samba-technical. The coders
> don't look here that much I don't think.

even in sssd 1.11.2 there are problems with ad/ldap backends.
so will see how it goes further in sssd and windbind.

thank you for giving me an idea to extend our existing integration with
windows AD for saving rfc2307 attributes in samba AD. it already works.


> HTH
> Steve


-- 
Andy Igoshin <ai at vsu.ru>                 Voronezh State University
sip:          ai at vsu.ru                  Network Operation Center
phone: +7 473 2281160, ext. 2020         Voronezh, Russia


More information about the samba mailing list