Mapping Common UIDs/GIDs on Distributed Machines
Samba-3 has a special facility that makes it possible to maintain identical UIDs and GIDs
on all servers in a distributed network. A distributed network is one where there exists
a PDC, one or more BDCs, and/or one or more domain member servers. Why is this important?
This is important if files are being shared over more than one protocol (e.g., NFS) and where
users are copying files across UNIX/Linux systems using tools such as rsync.
The special facility is enabled using a parameter called idmap backend.
The default setting for this parameter is an empty string. Technically it is possible to use
an LDAP-based idmap backend for UIDs and GIDs, but it makes most sense when this is done for
network configurations that also use LDAP for the SAM backend.
Example 10.1 (Example Configuration with the LDAP idmap Backend) shows that configuration.
Example 10.1. Example Configuration with the LDAP idmap Backend

    [global]
    idmap backend = ldap:ldap://ldap-server.quenya.org:636
    # Alternatively, this could be specified as:
    idmap backend = ldap:ldaps://ldap-server.quenya.org
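The reason for a shared idmap backend is that every server in the domain must resolve a given account to the same UID and GID. The following script is an added check, not part of the Samba documentation: it compares getent passwd output collected from several servers and reports accounts whose UID or GID differ between hosts. The host names and passwd lines are constructed sample data.

```python
# Added example: detect UID/GID drift for the same account across servers.
# The per-host passwd lines below are constructed sample data, as would be
# collected with `getent passwd` on each Samba server in the domain.
from collections import defaultdict

GETENT_OUTPUT = {  # hostname -> lines of `getent passwd` (constructed)
    "pdc.quenya.org": [
        "alice:x:10001:10000:Alice:/home/alice:/bin/bash",
        "bob:x:10002:10000:Bob:/home/bob:/bin/bash",
    ],
    "bdc1.quenya.org": [
        "alice:x:10001:10000:Alice:/home/alice:/bin/bash",
        "bob:x:10002:10000:Bob:/home/bob:/bin/bash",
    ],
    "member1.quenya.org": [
        # bob received a locally allocated id here instead of the shared
        # mapping (constructed to show the inconsistency being detected)
        "alice:x:10001:10000:Alice:/home/alice:/bin/bash",
        "bob:x:15000:15000:Bob:/home/bob:/bin/bash",
    ],
}


def parse_passwd(lines):
    """Return {user: (uid, gid)} from passwd(5)-style lines."""
    ids = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        ids[fields[0]] = (int(fields[2]), int(fields[3]))
    return ids


def find_id_mismatches(per_host):
    """Return {user: {host: (uid, gid)}} for users whose ids differ by host."""
    seen = defaultdict(dict)
    for host, lines in per_host.items():
        for user, ids in parse_passwd(lines).items():
            seen[user][host] = ids
    return {user: hosts for user, hosts in seen.items()
            if len(set(hosts.values())) > 1}


if __name__ == "__main__":
    for user, hosts in sorted(find_id_mismatches(GETENT_OUTPUT).items()):
        print(f"{user}: inconsistent UID/GID across servers")
        for host, (uid, gid) in sorted(hosts.items()):
            print(f"  {host}: uid={uid} gid={gid}")
```

Any account listed by the script will show wrong or mixed file ownership when files move between those servers over NFS or rsync.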
A network administrator who wants to make significant use of LDAP backends will sooner or later be
exposed to the excellent work done by PADL Software. PADL (https://www.padl.com) have
produced and released to open source an array of tools that might be of interest. These tools include:
- nss_ldap: An LDAP name service switch (NSS) module to provide native
  name service support for AIX, Linux, Solaris, and other operating systems. This tool
  can be used for centralized storage and retrieval of UIDs and GIDs.
- pam_ldap: A PAM module that provides LDAP integration for UNIX/Linux
  system access authentication.
- idmap_ad: An IDMAP backend that supports the Microsoft Services for
  UNIX RFC 2307 schema available from the PADL Web site.