hi, I set up a winbindd with a ldap backend, here is the relevant part of my smb.conf:
    idmap backend = ldap:ldap://mail.rhel.homelinux.com
    ldap admin dn = cn=winbind,dc=example,dc=com
    ldap suffix = dc=example,dc=com
    ldap idmap suffix = ou=idmap

On the ldap server I set up the ou=idmap and also permissions for cn=winbind to write into the ou=idmap:

    access to dn="(.),ou=idmap,dc=example,dc=com"
        by dn="cn=winbind,dc=example,dc=com"
        by * read

When trying a "getent passwd" on the client I get the following error messages on the ldap server:

    Oct 6 13:02:49 mail slapd[21955]: conn=2 op=22 SEARCH RESULT tag=101 err=0 text=
    Oct 6 13:02:49 mail slapd[21955]: conn=2 op=23 MOD dn="cn=IdPool,ou=Idmap,dc=example,dc=com"
    Oct 6 13:02:49 mail slapd[21955]: conn=2 op=23 RESULT tag=103 err=0 text=
    Oct 6 13:02:49 mail slapd[21955]: conn=2 op=24 ADD dn="SAMBASID=S-1-5-32-546,OU=IDMAP,DC=EXAMPLE,DC=COM"
    Oct 6 13:02:49 mail slapd[21955]: conn=2 op=24 RESULT tag=105 err=50 text=no write access to parent
    Oct 6 13:02:49 mail slapd[21955]: conn=2 op=25 SRCH base="ou=idmap,dc=example,dc=com" scope=2 filter="(&(objectClass=sambaIdmapEntry)(sambaSID=S-1-5-32-547))"

So it seems that winbind has no write access on the PARENT! If I give him write access on dc=example,dc=com everything works just fine and the sid/uid/gid mapping works wonderfully. But why does winbind need access on the parent and not just on the ou container where the id mapping happens, ou=idmap? Can anybody explain that to me?!

Thanks and greetings,
thorsten

--
Thorsten Scherf <[EMAIL PROTECTED]>
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
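
The slapd log lines in the post pair each request with its RESULT line through the conn and op numbers. The following added example (not part of the original post) does that pairing in Python and reports write operations rejected with err=50, the LDAP insufficientAccessRights result code. The function and variable names are assumptions; the sample log is copied from the post.

```python
import re
from typing import NamedTuple

# Log lines copied from the post above.
SAMPLE_LOG = '''\
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=22 SEARCH RESULT tag=101 err=0 text=
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=23 MOD dn="cn=IdPool,ou=Idmap,dc=example,dc=com"
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=23 RESULT tag=103 err=0 text=
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=24 ADD dn="SAMBASID=S-1-5-32-546,OU=IDMAP,DC=EXAMPLE,DC=COM"
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=24 RESULT tag=105 err=50 text=no write access to parent
Oct 6 13:02:49 mail slapd[21955]: conn=2 op=25 SRCH base="ou=idmap,dc=example,dc=com" scope=2 filter="(&(objectClass=sambaIdmapEntry)(sambaSID=S-1-5-32-547))"
'''

INSUFFICIENT_ACCESS = 50  # LDAP result code insufficientAccessRights
WRITE_OPS = {"ADD", "MOD", "DEL", "MODRDN"}
# Request line: operation verb followed by the target DN (or search base).
REQ = re.compile(r'conn=(\d+) op=(\d+) (ADD|MOD|DEL|MODRDN|SRCH) (?:dn|base)="([^"]*)"')
# Result line: carries the numeric result code and the server's diagnostic text.
RES = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=\d+ err=(\d+) text=(.*)$')

class Denied(NamedTuple):
    conn: int
    op: int
    verb: str
    dn: str
    text: str

def denied_writes(log: str) -> list[Denied]:
    """Return write operations whose RESULT line carries err=50."""
    pending = {}  # (conn, op) -> (verb, dn) of requests still awaiting a RESULT
    denied = []
    for line in log.splitlines():
        req = REQ.search(line)
        if req:
            pending[(int(req[1]), int(req[2]))] = (req[3], req[4])
            continue
        res = RES.search(line)
        if not res:
            continue
        key = (int(res[1]), int(res[2]))
        # A RESULT whose request fell outside the log window is skipped.
        verb, dn = pending.pop(key, (None, None))
        if verb in WRITE_OPS and int(res[3]) == INSUFFICIENT_ACCESS:
            denied.append(Denied(key[0], key[1], verb, dn, res[4].strip()))
    return denied

if __name__ == "__main__":
    for d in denied_writes(SAMPLE_LOG):
        print(f"conn={d.conn} op={d.op} {d.verb} {d.dn}: {d.text}")
```
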
