Security Identifier (SID) to User Identifier (uid) ResolutionSystem

Jeremy Allison jeremy at
Tue Dec 28 23:53:59 GMT 1999

Nicolas Williams wrote:
>  - Microsoft includes a NIS server with w2k that makes lookups via LDAP
>    into ActiveDirectory. The account/principal/uid/sid/whatever
>    information is all in one place.

If that is so then they've already done the work for us.
We're done :-).

>  - I work with a namespace management tool that is name service
>    independent and scales very, very well to very large organizations
>    and which can master NIS, DNS, LDAP, whatever namespace data. All in
>    one place.

Yeah, but I bet stock NT doesn't integrate with it though :-).

> Or PAM_LDAP. Same thing. With win2000 you get an LDAP interface to
> ActiveDirectory.

No - PAM doesn't do user enumeration, just authentication.
Enumeration is the nsswitch job.
> Ok, yes. But we're not there yet. The namespace-management-tool-
> layered-ontop-of-existing-name-services is workable today, at least for
> me. Thus my interest in Luke's initiative.

Yeah - but Luke wants to do it in the wrong piece of code
(Samba). Note that all the other things you mention are
programs external to Samba - I'd like to keep it that way.


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list