Mixed profiles w/Samba-PDC
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Sat May 30 13:48:17 GMT 1998
On Fri, 29 May 1998, Jeremy Allison wrote:
> Luke Kenneth Casson Leighton wrote:
> >
> >
> > when you get a RID in a structure returned from a lookup or enumeration,
> > it is already marked with an ENUM which tells you what kind of RID it is,
> > in that structure.
> >
> > therefore, jeremy, your suggestion is an optimisation that a) may be
> > unnecessary b) may cause problems as you outline below.
> >
>
> But there's *just* one case you missed (of course that happens
> to be the most important case for a file server :-). That's the
> case where you get a SID as part of an NT ACL.
>
> In that case you just get a list of SIDs, and the ACL
> is in self relative format. Unfortunately an ACL can
> contain both user and group SIDs - and there's *no*
> extra flag that tells the two apart.
yes: jean francois reminded me of this.
> So my suggestion is still neccessary I'm afraid.
your suggestion is merely an optimisation, and the simplest and fastest of
possible optimisations: it's not strictly necessary.
another alternative optimisation is to allocate blocks of RIDs (in groups
of 0x400, for example) and have two files with ranges in them: one which
specifies which batch of 0x400-spaced-out RIDs have been allocated as
group RIDs; the other specifies which have been allocated as user RIDs.
i would expect the group RIDs file to be small; the user RIDs file to be
large(r).
alternatively, given this expectation, write a _function_ which allocates
RIDs on, say, a 100 user rid to 1 group rid basis.
both these two alternatives should start counting from 10000.
luke
More information about the samba-ntdom
mailing list