Bug 146 - LDAP idmap needs documentation
Summary: LDAP idmap needs documentation
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Docs (show other bugs)
Version: 3.0.0preX
Hardware: All Linux
: P3 minor
Target Milestone: none
Assignee: Jelmer Vernooij
QA Contact:
: 14 (view as bug list)
Depends on:
Reported: 2003-06-04 14:22 UTC by Raphael Berghmans
Modified: 2005-11-14 09:31 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Raphael Berghmans 2003-06-04 14:22:00 UTC
When I try to compile Samba without IDMAP support (--with-idmap=no or --without-
idmap), the ./configure tell : checking whether to use IDMAP only for ugid 
mapping... no

but sam/idmap.c, idmap_tdb.c and idmap_util.c are compiled.

with "grep idmap * -r" I see that many compile object use idmap !

I've setup several users entries in a LDAP directory with the sambaSamAccount 
and posixAccount objecClass. Then each user has a mapping between NT SID and 
Unix UID. But even that pdbedit -L don't give me correct mapping (sometimes the 
uid associated with a user is "-1" and sometimes a number who has no Unix 
reality). But If I put in smb.conf idmap only = yes and idmap uid = 1000-1500, 
the mapping is correct but not based on the UID ldap informations . 

Thank you
Comment 1 Tim Potter 2003-06-04 18:17:51 UTC
I'm not sure about the status of the --with-idmap option in configure.  As you
point out it doesn't seem to be used anywhere in the code.

I'll investigate the pdbedit issue.
Comment 2 Raphael Berghmans 2003-06-05 01:53:32 UTC
You said that "I doesn't seem to be user anywhere in the code", but when the
compile of Samba is finished, with a "grep idmap * -r " I see :

Binary file bin/smbclient matches
Binary file bin/net matches
Binary file bin/smbspool matches
Binary file bin/testparm matches
Binary file bin/testprns matches
Binary file bin/smbstatus matches
Binary file bin/smbcontrol matches
Binary file bin/smbtree matches
Binary file bin/tdbbackup matches
Binary file bin/nmblookup matches
Binary file bin/pdbedit matches
Binary file bin/smbpasswd matches
Binary file bin/rpcclient matches
Binary file bin/smbcacls matches
Binary file bin/profiles matches
Binary file bin/ntlm_auth matches
Binary file bin/smbcquotas matches
Binary file bin/wbinfo matches
Binary file sbin/smbd matches
Binary file sbin/nmbd matches
Binary file sbin/swat matches
Binary file sbin/winbindd matches

Strange because normaly the idmap support is disabled !
Comment 3 Tim Potter 2003-06-05 16:37:53 UTC
I meant that configure sets the C preprocessor symbol WITH_IDMAP depending on
whether you do --with-idmap or --without-idmap.  The problem is that symbol is
not used to make any decisions in the code.

I think this is not strictly a build problem anymore so I'll pass it on to
someone else.
Comment 4 Tim Potter 2003-06-12 21:50:52 UTC
OK strictly this bug is fixed (the --with-idmap configure option has been
removed) but I'm not sure whether your problems are fixed.

The idmap code has undergone some major bug fixes recently as it was very
broken.  Can you retest using the latest Samba 3.0 CVS and say whether you are
still having problems?

Comment 5 Andrew Bartlett 2003-06-21 18:54:04 UTC
IDMAP can no longer be compiled out, and the only issue here seems to be
Comment 6 Tim Potter 2003-06-24 00:04:18 UTC
Reassigning to documentation dudes!
Comment 7 Jelmer Vernooij 2003-08-15 00:19:51 UTC
*** Bug 14 has been marked as a duplicate of this bug. ***
Comment 8 Jelmer Vernooij 2003-11-25 11:56:37 UTC
There's no longer any mention of --with-idmap in the docs and the LDAP idmap 
backend is documented now.
Comment 9 Gerald (Jerry) Carter (dead mail address) 2005-02-07 07:57:31 UTC
originally reported against 3.0aph24.  Bugzilla spring cleaning.  
Removing old alpha versions.
Comment 10 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:20:12 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 11 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:31:29 UTC
database cleanup