Working on LDAP support in HEAD

Gerald Carter gcarter at
Thu May 11 14:46:38 GMT 2000

[note that the original message has been cross posted to
samba-ntdom at as well.  However, let's keep all 
discussion on samba-technical as that should make it easier 
to follow in the archives.   Thanks   --jerry]


I need some input on a judgement call for fixing the LDAP
support in the HEAD branch.

The issue the allocation of user RID's in the LDAP entries.
Under the scheme devised for SAMBA_TNG (i'm talking about the
older LDAP schema), RID's are generated automatically and 
in a monotonically increasing order (like NT).  However,
this will make it very difficult to migrate from smbpasswd to LDAP
in a Samba controlled NT domain.

Why you ask? :-)

Changing the user RID will break existing profiles.  So how do we
get around this?  By setting the RID to be the same.  I have some 
perl scripts that will transder an smbpasswd into an LDAP tree 
while keeping this existing user RID (as defined by the algorithms
currently coded in smbd).

However, this migration strategy breaks the incremental RID 
allocation scheme use by the LDAP passwd backend.  

Finally, my point.  I would like to allocate the RID's based 
upon the samba uid <-> RID mapping function implemented in 
the main branch.

What say people to this?

   /\  Gerald (Jerry) Carter                     Professional Services
 \/    VA Linux Systems  gcarter at      SAMBA Team            jerry at

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list