The branch, v3-6-test has been updated via 006ba0c docs: mention AD prerequirements for using idmap_ad via 1779473 winbind/idmap_ad: be verbose about the user that we fail to map from 1f601d1 Ensure we test the dirsort module in make test.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log ----------------------------------------------------------------- commit 006ba0cc73a3fe484452f594a25dd3bfee9b39fd Author: Björn Jacke <b...@sernet.de> Date: Wed May 15 15:52:25 2013 +0200 docs: mention AD prerequirements for using idmap_ad Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit c3057f69a274f0d8e0e66183bd5e8be7703b6750) Reviewed-by: David Disseldorp <dd...@samba.org> The last 2 patches address bug #9880 - Use of wrong RFC2307 primary group field. commit 17794737fedf095212cf45920dd1e29b5a1a9fa0 Author: Björn Jacke <b...@sernet.de> Date: Tue May 14 16:51:28 2013 +0200 winbind/idmap_ad: be verbose about the user that we fail to map Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit f08205be7003f6c0a15fd5fd99d01951164ad15c) Reviewed-by: David Disseldorp <dd...@samba.org> ----------------------------------------------------------------------- Summary of changes: docs-xml/manpages-3/idmap_ad.8.xml | 9 ++++++--- source3/winbindd/idmap_ad.c | 5 +++-- 2 files changed, 9 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages-3/idmap_ad.8.xml index fbadaf2..2f7c0f1 100644 --- a/docs-xml/manpages-3/idmap_ad.8.xml +++ b/docs-xml/manpages-3/idmap_ad.8.xml @@ -22,9 +22,12 @@ id mappings from an AD server that uses RFC2307/SFU schema extensions. This module implements only the "idmap" API, and is READONLY. Mappings must be provided in advance - by the administrator by adding the posixAccount/posixGroup - classes and relative attribute/value pairs to the user and - group objects in the AD.</para> + by the administrator by adding the uidNumber attributes for + users and gidNumber attributes for groups in the AD. Winbind + will only map users that have a uidNumber and whose primary + group have a gidNumber attribute set. It is however + recommended that all groups in use have gidNumber attributes + assigned, otherwise they are not working.</para> <para> Note that the idmap_ad module has changed considerably since diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index cf15f03..2b35a4f 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -457,7 +457,7 @@ again: ctx->ad_schema->posix_gidnumber_attr, &id)) { - DEBUG(1, ("Could not get unix ID\n")); + DEBUG(1, ("Could not get SID for unix ID %u\n", (unsigned) id)); continue; } @@ -654,7 +654,8 @@ again: ctx->ad_schema->posix_gidnumber_attr, &id)) { - DEBUG(1, ("Could not get unix ID\n")); + DEBUG(1, ("Could not get unix ID for SID %s\n", + sid_string_dbg(map->sid))); continue; } if (!idmap_unix_id_is_in_range(id, dom)) { -- Samba Shared Repository