[Samba] Understanding ID mapping between a campus AD and a local LDAP

Rowland Penny rpenny at samba.org
Tue Mar 23 15:00:10 UTC 2021

On 23/03/2021 14:43, Jonathon A Anderson via samba wrote:
> We’re trying to get ID mapping set up between a campus AD and our internal LDAP. I’ve tried both idmap_rfc2307 and idmap_nss backends; but if my LDAP uidNumber doesn’t match my AD uidNumber, mapping doesn’t appear to work. This surprises me because the _names_ match (AD sAMAccountName and LDAP uid (name)), and I thought that the whole point of idmap was to translate an AD username into a UNIX uidNumber. What am I misunderstanding or doing wrong?
> For example, when using idmap_nss, I see that it’s trying to call getpwuid with my AD uidNumber, rather than with my LDAP uidNumber.
> I feel like I’m missing something fundamental about how idmap works and what it’s for if it’s trying to look up a local identity by the AD uidNumber rather than by the LDAP uidNumber or uid (name).
> Thanks for your attention and advice.
> ~jonathon

It sounds like you are trying to map users & groups from two places at
once. If this is the case, I don't think it is ever going to work.

What do you use the LDAP for?

