On Tue, 2007-09-11 at 14:39 +0200, Marc Muehlfeld wrote:
> Hi,
>
> I tried to configure the new idmap interface. Currently without much success.
>
> I have two samba domains, trusting each other. Each PDC using its own LDAP
> server. I tried
>
> idmap domains = DOM1, DOM2
> idmap config DOM1:default = yes
> idmap config DOM1:backend = ldap
> idmap config DOM1:ldap_base_dn = ou=Idmap,dc=dom1,dc=mydomain,dc=de
> idmap config DOM1:ldap_url = ldap://192.168.0.1
> idmap config DOM1:range = 10000 - 20000
> idmap alloc backend = ldap
-----------^^^^^^^^^^^^^^^^^^^^^^^^^^
this is not enough, you have to explicitly configure the alloc backend

For example:
idmap alloc config:ldap_base_dn = ou=Idmap,dc=dom1,dc=mydomain,dc=de
idmap alloc config:ldap_user_dn = <the privileged user dn>
idmap alloc config:ldap_url = ldap://192.168.0.1
idmap alloc config:range = 10000-20000

> idmap config DOM2:default = no
> idmap config DOM2:backend = ldap
> idmap config DOM2:ldap_base_dn = ou=Idmap,dc=dom2,dc=mydomain,dc=de
> idmap config DOM2:ldap_url = ldap://192.168.1.1
> idmap config DOM2:range = 10000 - 20000
>
> idmap uid = 10000-20000
> idmap gid = 10000-20000

no need to add these if you use the new options

> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
> template homedir = /home/%U
> template shell = /bin/false
> winbind nested groups = yes
> winbind cache time = 300
> winbind nss info = template
> winbind use default domain = yes
>
> But then I have the problem, that samba used the "ldap admin dn" account and
> password for both LDAP servers, but each has its own. How can I configure a
> second password for my trusted domain?

you have to specify the ldap_user_dn option for each domain and then use
net idmap secret

In your case probably
net idmap secret DOM1 <secret1>
net idmap secret alloc <secret1>
net idmap secret DOM2 <secret2>

However if you read the man pages for idmap_ldap you will find all this
information.

> Is there any useful documentation, best would be with different samples, of
> the new idmap interface? The manpage didn't help me much for understanding
> this.

Maybe because you didn't read the actually relevant man page:
man idmap_ldap

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer
email: [EMAIL PROTECTED]
http://samba.org
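A small checker for the two gaps pointed out in the reply above, as an added example (not part of the original message and not Samba code): it reads the `idmap config` / `idmap alloc` lines and reports, per LDAP scope, which options are missing and which `net idmap secret` call each scope needs. The `REQUIRED` list (the four options set in the reply's alloc example) and the function names are assumptions of this example; the sample input is the configuration from the question.

```python
import re

# Sample input: the idmap lines from the question, before the fixes in the reply.
SAMPLE = """\
idmap domains = DOM1, DOM2
idmap config DOM1:default = yes
idmap config DOM1:backend = ldap
idmap config DOM1:ldap_base_dn = ou=Idmap,dc=dom1,dc=mydomain,dc=de
idmap config DOM1:ldap_url = ldap://192.168.0.1
idmap config DOM1:range = 10000 - 20000
idmap alloc backend = ldap
idmap config DOM2:default = no
idmap config DOM2:backend = ldap
idmap config DOM2:ldap_base_dn = ou=Idmap,dc=dom2,dc=mydomain,dc=de
idmap config DOM2:ldap_url = ldap://192.168.1.1
idmap config DOM2:range = 10000 - 20000
"""
# Assumption of this example: every LDAP scope should carry the four options
# that the reply's "idmap alloc config" example sets.
REQUIRED = ("ldap_base_dn", "ldap_user_dn", "ldap_url", "range")
OPTION = re.compile(r"^\s*idmap\s+(?:config\s+(?P<dom>[^:\s]+)|alloc\s+config)"
                    r"\s*:\s*(?P<key>[^=\s]+)\s*=\s*(?P<val>.*)$", re.I)
ALLOC_BACKEND = re.compile(r"^\s*idmap\s+alloc\s+backend\s*=\s*(\S+)", re.I)

def parse(text):
    """Return ({scope: {option: value}}, alloc_backend); scope is a domain or 'alloc'."""
    scopes, alloc_backend = {}, None
    for line in text.splitlines():
        m = OPTION.match(line)
        if m:
            scope = m.group("dom") or "alloc"
            scopes.setdefault(scope, {})[m.group("key").lower()] = m.group("val").strip()
        elif ALLOC_BACKEND.match(line):
            alloc_backend = ALLOC_BACKEND.match(line).group(1).lower()
    return scopes, alloc_backend

def audit(text):
    """Return ({scope: [missing options]}, [net idmap secret commands to run])."""
    scopes, alloc_backend = parse(text)
    if alloc_backend == "ldap":
        scopes.setdefault("alloc", {})   # backend named, but possibly never configured
    findings, commands = {}, []
    for scope, opts in scopes.items():
        if scope != "alloc" and opts.get("backend", "").lower() != "ldap":
            continue                     # only LDAP-backed scopes bind with a DN and secret
        missing = [k for k in REQUIRED if k not in opts]
        if missing:
            findings[scope] = missing
        commands.append(f"net idmap secret {scope} <secret>")
    return findings, commands

if __name__ == "__main__":
    findings, commands = audit(SAMPLE)
    for scope, missing in findings.items():
        print(f"{scope}: missing {', '.join(missing)}")
    print("\n".join(commands))
```
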