[Samba] sambaDomain Question

Andrey Nepomnyaschih A.Nepomnyschih at chartpilot.ru
Mon Jul 21 07:22:27 GMT 2003


Hello Jim,

Yes, I understand this theory while there's no efficient way of querying
the password backend for the mapping between rid and uid/gid. But
considering that Andrew Bartlett (Sat, 2003-06-28) wrote the following:

	With Samba 3.0beta2 (and current CVS) if you have an
	entry in LDAP with both the SambaSID and the uidNumber
	it should use that mapping.

	Likewise for groups, with that sambaGroupMapping.

	You should consider your case carefully - only do this
	if you need to, and consider if you want to adjust
	the value of 'algorithmic RID base' to avoid having
	an algorithmic RID in that space.

	Andrew Bartlett

Doesn't that mean that at least for the ldap backend (I'm unsure about the
others) the algorithm of calculating becomes outdated and cumbersome for
new installations? If I need to create a user or a group, I just get the
nextRid attribute from the LDAP server, increment it on the server and assign
it to either a group or user account, which also serves as a map between RID
and UID/GID.

Have a good time,
Andrey Nepomnyaschih

-----Original Message-----
From: samba-bounces+lists-samba=chartpilot.ru at lists.samba.org
[mailto:samba-bounces+lists-samba=chartpilot.ru at lists.samba.org] On
Behalf Of Jim C
Sent: Sunday, July 20, 2003 9:51 PM
To: Andrey Nepomnyaschih; samba at lists.samba.org
Subject: Re: [Samba] sambaDomain Question


Well, here is my theory.
Most organizations with larger numbers of users generally assign users
to groups like "users" or "admin" and as a consequence have
substantially fewer groups than users. Thus the two numbers would get
out of sync. In the reverse case, where an organization assigns a group
to each user, one might have substantially more groups than users and
again we are out of sync. In Linux, the tradition has been to use
formulas to transform uid and gid numbers into disjoint groups of RID
numbers so that the information (uid/gid) is retained across system
boundaries. For example, one might use a system that will come up with
all even numbers for users and odd ones for groups. If this were not
so, we might have to maintain a separate set of records, similar in
concept to an SQL table, with all of the RID values. In short, it has to
do with the most efficient way to store the data while retaining the
ability of the administrator to figure out what the underlying uid/gid
is.

Andrey Nepomnyaschih wrote:

>Hello,
>
>I have a question regarding the LDAP schema of sambaDomain. Why does it 
>contain both sambaNextGroupRid and sambaNextUserRid while in Windows 
>groups and users do share RIDs between them? What are the obstacles in 
>the path of having only one, say sambaNextRID?
>
>Have a good time,
>Andrey Nepomnyaschih
>
>  
>
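
An added illustration, not part of the thread and not Samba's code, of the trade-off discussed above: RIDs computed by formula (even for users, odd for groups) next to RIDs stored explicitly in LDAP, and why Andrew suggests moving the algorithmic RID base out of the way. It assumes the formula uid*2+base for users and gid*2+base+1 for groups with a base of 1000; the function names and the sample entries are constructed.

```python
RID_BASE = 1000  # assumed value of 'algorithmic RID base'


def user_rid(uid, base=RID_BASE):
    """Users get the even offsets above the base."""
    return uid * 2 + base


def group_rid(gid, base=RID_BASE):
    """Groups get the odd offsets above the base."""
    return gid * 2 + base + 1


def decode_rid(rid, base=RID_BASE):
    """Invert the formula: ('user'|'group', id), or None below the base."""
    if rid < base:
        return None
    offset = rid - base
    return ("group" if offset & 1 else "user", offset >> 1)


def find_conflicts(entries, base=RID_BASE):
    """Flag stored RIDs that are duplicated or that the formula would
    attribute to a different account.

    entries: (name, kind, unix_id, rid) tuples, e.g. read from LDAP.
    """
    conflicts, seen = [], {}
    for name, kind, unix_id, rid in entries:
        if rid in seen:
            conflicts.append((name, rid, "duplicate of " + seen[rid]))
        seen.setdefault(rid, name)
        implied = decode_rid(rid, base)
        if implied is not None and implied != (kind, unix_id):
            conflicts.append((name, rid, "algorithmic RID of %s %d" % implied))
    return conflicts


# Constructed sample: alice, staff and carol follow the formula;
# bob and ops were given consecutive values from one shared counter.
SAMPLE = [
    ("alice", "user", 1001, user_rid(1001)),  # 3002
    ("staff", "group", 100, group_rid(100)),  # 1201
    ("bob", "user", 1002, 3005),
    ("ops", "group", 101, 3006),
    ("carol", "user", 1003, user_rid(1003)),  # 3006, same RID as ops
]

if __name__ == "__main__":
    for name, rid, why in find_conflicts(SAMPLE):
        print("%-6s RID %-5d %s" % (name, rid, why))
```

Calling `find_conflicts(SAMPLE, base=10000)` leaves only the duplicate, because the counter-assigned values then sit below the algorithmic space.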


