Hi,

Two questions regarding the use of group map combined with ldapsam.

First, the Official HOWTO is relatively unclear about what needs to be done wrt group map when using ldapsam. It states it is the responsibility of the admin to add the group map to the ldap backend, but nothing else. What needs to be in an LDAP groupmap object? I tried the following LDIF, and it seems to work using "net groupmap list":

# Domain Users, Group, domain.com
dn: displayName=Domain Users,ou=Group,dc=domain,dc=com
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
gidNumber: 100
description: Netbios Domain Users
sambaSID: S-1-5-21-3952100455-2014430628-1234567890-513
sambaGroupType: 2
displayName: Domain Users

Notice that the object is not of objectClass posixAccount. Also note that the gidNumber is the one of the "users" group, defined in /etc/group. Similarly, I want to map the "Domain Guests" group to Unix group nobody, and "Domain Admins" to group root. Are there implications I should be aware of? Any better way to achieve similar results?


Also, I can list group map with "net groupmap list", but I fail to add any groupmap. Example:


[EMAIL PROTECTED] root]# net groupmap add ntgroup=blah unixgroup=wheel
No rid or sid specified, choosing algorithmic mapping
adding entry for group blah failed!

Logs are silent. How come? Are we supposed to manage the group map at the LDAP level, and forego the use of "net groupmap" for this purpose?

Thanks very much for your input!

Etienne Goyer
