[Samba] Winbind troubles
Rowland Penny
rowlandpenny at googlemail.com
Wed Jul 24 05:10:42 MDT 2013
On 24 July 2013 11:59, Jonathan Buzzard <jonathan at buzzard.me.uk> wrote:
> Hum, according to Rowland it uses the gidNumber in the users DN, though
> his posted "proof" was flawed and it could have been coming from the
> gidNumber of the users primary group just as Winbind does. I have
> browsed the source code for sssd but it is not immediately obvious where
> it is getting the info from. So which one does it really use?
>
> > I see that the classicupgrade retains the user gidNumber so
> > maybe we should keep it in the DN of not only the primaryGroup but
> > also in the DN for new users too. For compatibility?
>
> Like I said best practice is probably to keep them the same. The thing
> with RFC2307 is that it is for storing Unix attributes in LDAP and we
> are talking about storing Unix attributes in AD which is not quite the
> same thing. Ideally the gidNumber field in the users entry should be a
> derived field similar to the memberOf fields.
>
Look you prat, I agreed with you that it is best practise to keep the users
gidNumber & primaryGroupID the same, I also said that it probably does not
matter where the gidNumber comes from as long it is the right one.
The storage of Unix attributes in AD is what windows does so it must done
the way that windows does it.
I also said that we were never going to agree on this, this was a hint,
PLEASE SHUT UP!
Rowland
More information about the samba
mailing list