[Samba] Understanding ID mapping between a campus AD and a local LDAP
Jonathon A Anderson
jonathon.anderson at colorado.edu
Tue Mar 23 14:43:45 UTC 2021
We’re trying to get ID mapping set up between a campus AD and our internal LDAP. I’ve tried both idmap_rfc2307 and idmap_nss backends; but if my LDAP uidNumber doesn’t match my AD uidNumber, mapping doesn’t appear to work. This surprises me because the _names_ match (AD sAMAccountName and LDAP uid (name)), and I thought that the whole point of idmap was to translate an AD username into a UNIX uidNumber. What am I misunderstanding or doing wrong?
For example, when using idmap_nss, I see that it’s trying to call getpwuid with my AD uidNumber, rather than with my LDAP uidNumber.
I feel like I’m missing something fundamental about how idmap works and what it’s for if it’s trying to look up a local identity by the AD uidNumber rather than by the LDAP uidNumber or uid (name).
Thanks for your attention and advice.