I've tried to convert my old config file to the new syntax for the idmap backend.

The current configuration is: Active Directory (domain: DPTINFO) for users, an openldap server on the samba host which stores the mapping, and I use the ldap backend to do the job.

I'm unable to get a working configuration using the documentation explained in idmap_ldap.

Here is the relevant part:

========================
idmap uid = 10000-200000
idmap gid = 10000-200000

# old syntax needed to make the search work.
idmap backend = ldap:ldap://oie.u-strasbg.fr/
ldap suffix = dc=iutinfo,dc=local

idmap alloc backend = ldap
idmap alloc config:ldap_url = ldap://oie.u-strasbg.fr/
idmap alloc config:ldap_base_dn = ou=Idmap,dc=iutinfo,dc=local
idmap alloc config:ldap_user_dn = cn=admin,dc=iutinfo,dc=local

idmap config DPTINFO:backend = ldap
idmap config DPTINFO:ldap_url = ldap://oie.u-strasbg.fr/
idmap config DPTINFO:ldap_base_dn = ou=Idmap,dc=iutinfo,dc=local
idmap config DPTINFO:ldap_user_dn = cn=admin,dc=iutinfo,dc=local

winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
template homedir = /data/home/%U
template shell = /bin/false
========================

I've stored secrets with "net idmap secret alloc XXXXXX" and "net idmap secret DPTINFO XXXXXX".

I didn't have the two lines at the beginning:

> idmap backend = ldap:ldap://oie.u-strasbg.fr/
> ldap suffix = dc=iutinfo,dc=local

and winbind was failing with "ERROR: missing idmap ldap url".

When I added the first line, winbind was able to look into the ldap. But it couldn't store values; the result of ldap_add was: "invalid DN".

With the second line, winbind could add values in the idmap ou.

I think this part of idmap documentation is very important, to understand what is happening.

Thanks, the docs will eventually be updated. - John T.
Raising version.
The idmapping has been rewritten in Samba 3.6.0 and the manpages have been updated accordingly. Closing out bug report. Please re-open if it's still an issue in 3.6.0. Thanks!