From ff784e874586686901f21331ae4da34c56dc8812 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Wed, 15 May 2013 15:52:25 +0200 Subject: [PATCH 1/2] docs: mention AD prerequirements for using idmap_ad Reviewed-by: Stefan Metzmacher --- docs-xml/manpages/idmap_ad.8.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml index 2ae7fc8..0e33b77 100644 --- a/docs-xml/manpages/idmap_ad.8.xml +++ b/docs-xml/manpages/idmap_ad.8.xml @@ -22,9 +22,12 @@ id mappings from an AD server that uses RFC2307/SFU schema extensions. This module implements only the "idmap" API, and is READONLY. Mappings must be provided in advance - by the administrator by adding the posixAccount/posixGroup - classes and relative attribute/value pairs to the user and - group objects in the AD. + by the administrator by adding the uidNumber attributes for + users and gidNumber attributes for groups in the AD. Winbind + will only map users that have a uidNumber and whose primary + group have a gidNumber attribute set. It is however + recommended that all groups in use have gidNumber attributes + assigned, otherwise they are not working. Currently, the ad backend -- 1.8.2.2 From 65e9a51c48467070859dc1ad39c68b80db0f6bfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= Date: Tue, 14 May 2013 16:51:28 +0200 Subject: [PATCH 2/2] winbind/idmap_ad: be verbose about the user that we fail to map Reviewed-by: Stefan Metzmacher --- source3/winbindd/idmap_ad.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index bfe7d4b..b92e3a9 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -452,7 +452,7 @@ again: ctx->ad_schema->posix_gidnumber_attr, &id)) { - DEBUG(1, ("Could not get unix ID\n")); + DEBUG(1, ("Could not get SID for unix ID %u\n", (unsigned) id)); continue; } @@ -649,7 +649,8 @@ again: ctx->ad_schema->posix_gidnumber_attr, &id)) { - DEBUG(1, ("Could not get unix ID\n")); + DEBUG(1, ("Could not get unix ID for SID %s\n", + sid_string_dbg(map->sid))); continue; } if (!idmap_unix_id_is_in_range(id, dom)) { -- 1.8.2.2