[Samba] Understanding ID mapping between a campus AD and a local LDAP

Jonathon A Anderson jonathon.anderson at colorado.edu
Tue Mar 23 14:43:45 UTC 2021

We’re trying to get ID mapping set up between a campus AD and our internal LDAP. I’ve tried both idmap_rfc2307 and idmap_nss backends; but if my LDAP uidNumber doesn’t match my AD uidNumber, mapping doesn’t appear to work. This surprises me because the _names_ match (AD sAMAccountName and LDAP uid (name)), and I thought that the whole point of idmap was to translate an AD username into a UNIX uidNumber. What am I misunderstanding or doing wrong?

For example, when using idmap_nss, I see that it’s trying to call getpwuid with my AD uidNumber, rather than with my LDAP uidNumber.

I feel like I’m missing something fundamental about how idmap works and what it’s for if it’s trying to look up a local identity by the AD uidNumber rather than by the LDAP uidNumber or uid (name).

Thanks for you attention and advice.


More information about the samba mailing list