When I try to compile Samba without IDMAP support (--with-idmap=no or --without- idmap), the ./configure tell : checking whether to use IDMAP only for ugid mapping... no but sam/idmap.c, idmap_tdb.c and idmap_util.c are compiled. with "grep idmap * -r" I see that many compile object use idmap ! I've setup several users entries in a LDAP directory with the sambaSamAccount and posixAccount objecClass. Then each user has a mapping between NT SID and Unix UID. But even that pdbedit -L don't give me correct mapping (sometimes the uid associated with a user is "-1" and sometimes a number who has no Unix reality). But If I put in smb.conf idmap only = yes and idmap uid = 1000-1500, the mapping is correct but not based on the UID ldap informations . Thank you
I'm not sure about the status of the --with-idmap option in configure. As you point out it doesn't seem to be used anywhere in the code. I'll investigate the pdbedit issue.
You said that "I doesn't seem to be user anywhere in the code", but when the compile of Samba is finished, with a "grep idmap * -r " I see : Binary file bin/smbclient matches Binary file bin/net matches Binary file bin/smbspool matches Binary file bin/testparm matches Binary file bin/testprns matches Binary file bin/smbstatus matches Binary file bin/smbcontrol matches Binary file bin/smbtree matches Binary file bin/tdbbackup matches Binary file bin/nmblookup matches Binary file bin/pdbedit matches Binary file bin/smbpasswd matches Binary file bin/rpcclient matches Binary file bin/smbcacls matches Binary file bin/profiles matches Binary file bin/ntlm_auth matches Binary file bin/smbcquotas matches Binary file bin/wbinfo matches Binary file sbin/smbd matches Binary file sbin/nmbd matches Binary file sbin/swat matches Binary file sbin/winbindd matches Strange because normaly the idmap support is disabled !
I meant that configure sets the C preprocessor symbol WITH_IDMAP depending on whether you do --with-idmap or --without-idmap. The problem is that symbol is not used to make any decisions in the code. I think this is not strictly a build problem anymore so I'll pass it on to someone else.
OK strictly this bug is fixed (the --with-idmap configure option has been removed) but I'm not sure whether your problems are fixed. The idmap code has undergone some major bug fixes recently as it was very broken. Can you retest using the latest Samba 3.0 CVS and say whether you are still having problems? Thanks!
IDMAP can no longer be compiled out, and the only issue here seems to be documentation.
Reassigning to documentation dudes!
*** Bug 14 has been marked as a duplicate of this bug. ***
There's no longer any mention of --with-idmap in the docs and the LDAP idmap backend is documented now.
originally reported against 3.0aph24. Bugzilla spring cleaning. Removing old alpha versions.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
database cleanup