idmapwb
Map Windows users/groups to Linux IDs
SYNOPSIS
idmapwb [OPTIONS]
PARAMETERS
-P, --push
Action: Instructs idmapwb to add or update a SID-to-UID/GID mapping in the internal database. This option requires specifying a SID and either a UID or GID to establish or modify the mapping.
-L, --lookup
Action: Used to look up an existing SID-to-UID/GID mapping. When this option is used, you must provide either a SID or a UID/GID, and idmapwb will return its corresponding mapped identifier if found.
-D, --delete
Action: Removes a specified SID-to-UID/GID mapping from the database. This operation typically requires identifying the mapping to be removed, usually by providing the SID or the mapped UID/GID.
-s <SID>, --sid=<SID>
Argument: Specifies the Windows Security Identifier (SID) that is involved in the mapping operation (e.g., for push, lookup, or delete actions). A SID uniquely identifies a user, group, or computer within a Windows domain.
-r <RID>, --rid=<RID>
Argument: Specifies a Relative Identifier (RID). RIDs are typically used in conjunction with a domain SID to form a complete, unique SID for an account or group within that domain.
-u <UID>, --uid=<UID>
Argument: Specifies the Unix User Identifier (UID) that is involved in the mapping operation, representing a local Unix user.
-g <GID>, --gid=<GID>
Argument: Specifies the Unix Group Identifier (GID) that is involved in the mapping operation, representing a local Unix group.
-v, --verbose
Option: Increases the verbosity of the output. Using this option provides more detailed information about the operations being performed by idmapwb.
-d <level>, --debuglevel=<level>
Option: Sets the debug level for the command's execution. A higher level (e.g., 10 for maximum detail) will produce more extensive debugging output, useful for troubleshooting.
-?, --help
Option: Displays a concise help message about the command's usage and available options, then exits.
--version
Option: Prints the version information of the idmapwb utility and then exits.
DESCRIPTION
idmapwb is an internal helper utility for the winbindd daemon, which is a core component of the Samba suite. Its primary function is to manage the mapping between Windows Security Identifiers (SIDs) and local Unix User Identifiers (UIDs) or Group Identifiers (GIDs). This utility is specifically utilized by the idmap_wb backend to persist and retrieve these mappings within winbindd's internal database.
While it can be invoked directly from the command line, idmapwb is not typically meant for routine administrator interaction. Instead, it is primarily called by winbindd itself to ensure consistent and persistent identity resolution in mixed Windows/Unix environments. It performs operations like adding, updating, looking up, and deleting SID-to-UID/GID mappings.
CAVEATS
idmapwb is predominantly an internal utility of the Samba winbindd daemon and is rarely invoked directly by system administrators in typical operation. Incorrect direct usage, especially with the --push or --delete options, could corrupt winbindd's internal ID mapping database, leading to identity resolution issues and service disruption. Its functionality depends on a correctly running and configured winbindd process that uses the idmap_wb backend.
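The Python code below is an added example, not part of idmapwb or Samba. It validates a SID string, joins a domain SID with a RID as described for -s and -r, and flags well-known privileged RIDs so that a mapping pushed or deleted by hand can be checked first. The sample domain SID is constructed, and the RID table comes from the Windows account model rather than from this page.

```python
import re

# Textual SID form: S-<revision>-<identifier authority>-<subauthority>...
# Revision is always 1; a SID carries between 1 and 15 subauthorities.
SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+){1,15})$")

# Well-known privileged RIDs (Windows account model, not from the idmapwb page).
PRIVILEGED_RIDS = {500: "Administrator", 512: "Domain Admins",
                   518: "Schema Admins", 519: "Enterprise Admins"}

# Constructed sample domain SID, for illustration only.
SAMPLE_DOMAIN_SID = "S-1-5-21-1004336348-1177238915-682003330"

def parse_sid(sid):
    """Return (identifier_authority, [subauthorities]) or raise ValueError."""
    m = SID_RE.match(sid.strip())
    if not m:
        raise ValueError(f"not a valid SID string: {sid!r}")
    authority = int(m.group(1))
    subs = [int(x) for x in m.group(2).split("-")[1:]]
    # The authority is a 48-bit field, each subauthority a 32-bit field.
    if authority >= 2**48 or any(s >= 2**32 for s in subs):
        raise ValueError(f"SID component out of range: {sid!r}")
    return authority, subs

def format_sid(authority, subs):
    return "-".join(["S", "1", str(authority)] + [str(s) for s in subs])

def join_sid(domain_sid, rid):
    """Append a RID to a domain SID to form the full account SID."""
    authority, subs = parse_sid(domain_sid)
    if not 0 <= rid < 2**32 or len(subs) >= 15:
        raise ValueError(f"cannot append RID {rid} to {domain_sid!r}")
    return format_sid(authority, subs + [rid])

def split_sid(sid):
    """Split an account SID into (domain SID, RID); the RID is the last subauthority."""
    authority, subs = parse_sid(sid)
    if len(subs) < 2:
        raise ValueError(f"SID has no domain part: {sid!r}")
    return format_sid(authority, subs[:-1]), subs[-1]

def privileged_name(sid):
    """Name of the well-known privileged account or group, or None."""
    authority, subs = parse_sid(sid)
    # Domain accounts: authority 5 (NT Authority), first subauthority 21,
    # three domain subauthorities, then the RID.
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        return PRIVILEGED_RIDS.get(subs[-1])
    return None
```

A mapping whose SID returns a name from privileged_name() ties a Unix UID or GID to a high-privilege Windows identity and deserves a second look before it is changed.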
INTERNAL WINBINDD BACKEND
The idmap_wb backend is a unique ID mapping method within Samba's winbindd. Unlike idmap_tdb, which uses a simple TDB file for storage, or idmap_ad, which queries Active Directory directly, idmap_wb leverages winbindd's own internal database for storing and retrieving SID-to-UID/GID mappings. This approach can be particularly beneficial in configurations where winbindd is responsible for dynamically allocating and managing Unix IDs.
DATABASE MANAGEMENT
idmapwb directly interacts with the internal database managed by winbindd. This database is where the critical associations between Windows SIDs and their corresponding Unix UIDs/GIDs are stored. While idmapwb offers command-line access to these functions, its primary role is to be called by winbindd itself whenever the daemon needs to create, retrieve, or update these mappings as part of its ongoing operation (e.g., when new users are authenticated or discovered from a Windows domain).
HISTORY
idmapwb emerged as part of the ongoing development of Samba's winbindd daemon, specifically to provide a robust and persistent ID mapping solution for Windows SIDs to Unix UIDs/GIDs. As Samba evolved to support complex Active Directory environments, flexible and reliable ID mapping became crucial. The idmap_wb backend and its helper idmapwb were developed to use winbindd's internal database for these mappings, offering a complementary alternative to other backends like idmap_tdb or idmap_ad, which store mappings differently or retrieve them from Active Directory itself. Its development is tied to the need for winbindd to autonomously manage ID allocations.
SEE ALSO
winbindd(8), samba(7), smb.conf(5), idmap_tdb(8), idmap_ad(8)