[Samba] use of ‘idmap_ldb:use rfc2307 = yes’ in DCs

Rowland Penny rpenny at samba.org
Thu Jun 20 09:18:33 UTC 2024


On Thu, 20 Jun 2024 08:40:07 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Thu, 20 Jun 2024 10:06:02 +1200
> Douglas Bagnall via samba <samba at lists.samba.org> wrote:
> 
> > On 12/06/24 04:12, Rowland Penny via samba wrote:
> > > On Tue, 11 Jun 2024 17:02:58 +0100
> > > Luis Peromarta via samba <samba at lists.samba.org> wrote:
> > > 
> > >> In what scenario should I use idmap_ldb:use rfc2307 = yes ? For
> > >> what purpose ?
> > > 
> > > Good question. The only real use could be if you are adding
> > > rfc2307 attributes to AD AND using the DC as a fileserver (not
> > > recommended) AND also running Unix domain members using the 'ad'
> > > idmap backend. Even then, I am not convinced.
> > >  
> > >>
> > >> I don’t see any use for it then.
> > > 
> > > I am beginning to think the same.
> > 
> > I see https://bugzilla.samba.org/show_bug.cgi?id=9840
> > ('"idmap_ldb:use rfc2307" is undocumented') is ready for anyone who
> > wants to fix a bug!
> > 
> > Douglas
> > 
> > 
> 
> If I remember correctly (and I cannot seem to get into bugzilla to
> check), there is also an open bug to remove 'idmap_ldb:use rfc2307'
> which is only set by default on the first DC in a domain.
> 
> Rowland
>  
> 

OK, bugzilla is now working and there are actually two bugs for the
undocumented 'idmap_ldb:use rfc2307 = yes':

https://bugzilla.samba.org/show_bug.cgi?id=10616

The bug I referred to is:

https://bugzilla.samba.org/show_bug.cgi?id=13187

My feelings are that we should do both, stop setting the parameter on
the first DC and stop installing ypServ30.ldif (because it is useless
now, nothing uses it). We should then document 'idmap_ldb:use rfc2307'
to say it allows the use of uidNumber & gidNumber attributes on a Samba
AD DC.

Rowland



