Bug 3838 - Documentation on idmap storage in LDAP incorrect
Summary: Documentation on idmap storage in LDAP incorrect
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Docs (show other bugs)
Version: 3.0.22
Hardware: Other Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba Documentation QA Contact~
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-06-14 08:51 UTC by Erik Forsberg (dead mail address)
Modified: 2021-02-10 11:46 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Forsberg (dead mail address) 2006-06-14 08:51:00 UTC 
I have a case where several Linux machines, all of them fetching information about users and groups from an AD domain via winbind, share home directories via an NFS export from a Linux server. Therefore, I need consistent uid/gid mapping among all machines. I tried to implement idmap storage via LDAP following Chapter 13 in the official howto. 

To me, http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2573773 ("IDMAP Storage in LDAP Using Winbind") seems plain wrong. It talks about using nss_ldap to fetch uid/gid information, but with the setup described in that section, no uid/gid information is stored in LDAP. Instead, only the mapping between SID and uid/gid is stored, just as in the case where a local .tdb is used as winbind idmap backend.

The same goes for the following section, "IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension"

To me, it seems like all information about nss_ldap should be removed. Instead, you should use nss_winbind to fetch the required information.
Comment 1 Björn Jacke 2021-02-10 11:46:56 UTC 
the howto has been unmaintained since a long time and is removed from samba these days. The man pages and the wiki contain more up-to-date information.