When built with winbind support and setting up smb.conf and an LDAP directory based on the SambaWiki article "Ldapsam Editposix" (http://wiki.samba.org/index.php/Ldapsam_Editposix) while respecting the changes made to the idmap configuration options as of 3.3 (http://us1.samba.org/samba/history/samba-3.3.0.html), provisioning the LDAP backend using "net sam provision" fails, and the log.winbindd-idmap log file describes the error with:
[<date> <time>, 3] lib/module.c:do_smb_load_module(48)
Error loading module '/usr/lib/samba/samba/idmap/ldap.so': /usr/lib/samba/samba/idmap/ldap.so: cannot open shared object file: No such file or directory
[<date> <time>, 1] winbindd/idmap.c:idmap_alloc_init(578)
could not find idmap alloc module ldap
This behaviour is produced in 3.3.0 and 3.3.1, and the same LDAP server was used and originally provisioned with Samba 3.2.8 without problems. The relevant portions of smb.conf are below.
workgroup = MYDOMAIN
security = user
domain logons = yes
domain master = yes
preferred master = yes
enable privileges = yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=Manager,dc=mydomain,dc=com
ldap suffix = dc=mydomain,dc=com
ldap ssl = no
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap passwd sync = yes
ldap delete dn = yes
ldapsam:trusted = yes
ldapsam:editposix = yes
idmap backend = ldap
idmap uid = 10000-19999
idmap gid = 10000-19999
idmap config MYDOMAIN : backend = ldap
idmap config MYDOMAIN : readonly = no
idmap config MYDOMAIN : ldap_base_dn = dc=Idmap,dc=mydomain,dc=com
idmap config MYDOMAIN : ldap_user_dn = cn=Manager,dc=mydomain,dc=com
idmap config MYDOMAIN : ldap_url = ldap://127.0.0.1/
idmap alloc backend = ldap
idmap alloc config : ldap_base_dn = dc=Idmap,dc=mydomain,dc=com
idmap alloc config : ldap_user_dn = cn=Manager,dc=mydomain,dc=com
idmap alloc config : ldap_url = ldap://127.0.0.1/
Can you post the output of: smbd -b ?
Created attachment 3957 [details]
Output of smbd -b
This is the output of 'smbd -b' (the build options) from the Arch Linux package samba-3.3.1-1, which has the same bug and is known to be built with the idmap_ldap module.
Strange, the builtin modules list shows imdap_ldap as compiled in.
Winbindd shouldn't try to open an external shared object for it ...
It looks like smb_register_idmap_alloc and smb_register_idmap (in winbindd/idmap.c) aren't being called when they should be, so the alloc_backends list is empty when get_alloc_methods is called from line 567 of winbindd/idmap.c. This in turn makes idmap_alloc_ctx->methods NULL at 567, so at 570 it calls smb_probe_module, which is why it ends up looking for a shared library.
*** This bug has been marked as a duplicate of bug 6286 ***