idmap_ldb:use rfc2307 = yes Only works for users, not groups.
In smb.conf, if
idmap_ldb:use rfc2307 = yes
then only uidNumber is returned from the directory.
If the object is a group, an entry is added to idmap.ldb and the directory is not consulted.
1. set idmap_ldb:use rfc2307 = yes in smb.conf
2. Create a user with:
3. run wbinfo --group-info=<group>
An entry for <group> is added to idmap.ldb and that value is used rather than the gidNumber attribute in the directory.
(This works fine for posixAccount and uidNumber)
Deleting the entry for <group> in idmap.ldb still returns the gidNumber from wbinfo. (In fact deleting it creates another entry with an incremented xidNumber).
Marked as [SOLVED] at:
Andrew mentioned some other stuff there. Leave this open for a bit longer?
I'm happy that the rfc2307 stuff works, so I'm marking this as fixed.
Some improvements will hit master soon, but the use case described in this bug is fixed.