[Samba] SaMBa 4.16.4 adds users to ACLs as groups
Ralph Boehme
slow at samba.org
Tue Jun 13 09:53:06 UTC 2023
On 6/13/23 11:26, Rowland Penny via samba wrote:
> Hang on, I have just had another thought (yes, I know, dangerous)
>
> From my understanding, a Samba AD DC uses idmap.ldb because it allows
> groups to be set as 'ID_TYPE_BOTH'.
> Now that it is known that AD groups on a Unix domain member can do the
> same without 'idmap.ldb', is there any other reason to stick with
> idmap.ldb on a Samba AD DC ?
afaict there's no technical reason anymore, this (afair) just comes from
times when winbindd wasn't required on AD DC and thus it had to
implement it's own mapping.
-slow
--
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/team-samba
SAMBA+ Samba packages https://samba.plus/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20230613/504096f2/OpenPGP_signature.sig>
More information about the samba
mailing list