[Samba] winbind: homeDirectory being ignored

Brian Candler b.candler at pobox.com
Wed Jun 25 03:28:55 MDT 2014


On 24/06/2014 16:12, Rowland Penny wrote:
> Try adding 'unixHomeDirectory: /home/user7' to the users AD info
>
> 'homedirectory' & 'unixHomeDirectory' are different attributes.

Thanks for all the help so far.

Aside: I wrote an LDAP server library some years ago, so I understand 
some of the protocol internals. LDAP requires you to go to the trouble 
of defining a globally unique OID to identify every attribute - and then 
what actually gets sent on the wire is the text label, not the OID. Go 
figure.

RFC2307 uses the label "homeDirectory" for OID 1.3.6.1.1.1.1.3. It seems 
that in AD you can put both "homeDirectory" and "unixHomeDirectory" 
attributes, which are treated as different attributes in the database 
and on the wire, except they have the same OID. Yuk.

To be fair, RFC2307 is only an "experimental" RFC, and I don't think 
RFC2307bis was ever finalised.

As for groups: RFC2307 hardly mentions groups at all (memberUid is just 
defined as an attribute, and that's it).

Does anyone have any pointers to documentation about how Active 
Directory maps Unix gid and supplementary groups from LDAP entries and 
attributes? Because I'm having a hard time finding any. In particular, 
it seems to be using the gidNumber from the group object. But if a user 
is a member of multiple groups, how does it decide which is the primary 
group and which are supplementary groups?

Also: I can see no explicit binding between user8 and group "Domain 
Users" (i.e. no memberOf: attribute). Are all users implicitly members 
of this group?

Thanks,

Brian.


