Bug 6689 - new idmap options aren't usable
Summary: new idmap options aren't usable
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Docs
Version: unspecified
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: John H Terpstra (mail address dead)
QA Contact: Samba Documentation QA Contact
Depends on:
Reported: 2009-09-03 17:46 UTC by Blindauer Emmanuel (dead mail address)
Modified: 2011-10-08 18:34 UTC (History)
Description Blindauer Emmanuel (dead mail address) 2009-09-03 17:46:12 UTC
I've tried to convert my old config file to the new syntax for the idmap backend.

The current configuration is: Active Directory (domain: DPTINFO) for users, an OpenLDAP server on the Samba host which stores the mapping, and I use the ldap backend to do the job.

I'm unable to get a working configuration using the documentation given in idmap_ldap.

Here is the relevant part:

idmap uid = 10000-200000
idmap gid = 10000-200000
# old syntax needed to make the search work.
idmap backend = ldap:ldap://oie.u-strasbg.fr/
ldap suffix = dc=iutinfo,dc=local

idmap alloc backend = ldap
idmap alloc config:ldap_url = ldap://oie.u-strasbg.fr/
idmap alloc config:ldap_base_dn = ou=Idmap,dc=iutinfo,dc=local
idmap alloc config:ldap_user_dn = cn=admin,dc=iutinfo,dc=local

idmap config DPTINFO:backend = ldap
idmap config DPTINFO:ldap_url = ldap://oie.u-strasbg.fr/
idmap config DPTINFO:ldap_base_dn = ou=Idmap,dc=iutinfo,dc=local
idmap config DPTINFO:ldap_user_dn = cn=admin,dc=iutinfo,dc=local

winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
template homedir = /data/home/%U
template shell = /bin/false


I've stored secrets with "net idmap secret alloc XXXXXX" and "net idmap secret DPTINFO XXXXXX" 

I didn't have the two lines at the beginning:
>  idmap backend = ldap:ldap://oie.u-strasbg.fr/
>  ldap suffix = dc=iutinfo,dc=local
and winbind was failing with "ERROR: missing idmap ldap url".
When I added the first line, winbind was able to look into the ldap.
But it couldn't store values; the result of ldap_add was: "invalid DN".
With the second line, winbind could add values in the idmap ou.

I think this part of the idmap documentation is very important, to understand what is happening.
Comment 1 John H Terpstra (mail address dead) 2010-02-04 14:48:34 UTC
Thanks, the docs will eventually be updated.

- John T.
Comment 2 Karolin Seeger 2010-04-08 03:30:43 UTC
Raising version.
Comment 3 Karolin Seeger 2011-10-08 18:34:09 UTC
The idmapping has been rewritten in Samba 3.6.0 and the manpages have been updated accordingly.
Closing out bug report.

Please re-open if it's still an issue in 3.6.0.