Working on LDAP support in HEAD
Inge-Håvard Hunstad
inge at cc.uit.no
Fri May 12 10:56:55 GMT 2000
Gerald Carter wrote:
>
> [note that the original message has been cross posted to
> samba-ntdom at samba.org as well. However, let's keep all
> discussion on samba-technical as that should make it easier
> to follow in the archives. Thanks --jerry]
>
> Folks,
>
> I need some input on a judgement call for fixing the LDAP
> support in the HEAD branch.
>
> The issue is the allocation of user RID's in the LDAP entries.
> Under the scheme devised for SAMBA_TNG (I'm talking about the
> older LDAP schema), RID's are generated automatically and
> in a monotonically increasing order (like NT). However,
> this will make it very difficult to migrate from smbpasswd to LDAP
> in a Samba controlled NT domain.
>
> Why, you ask? :-)
>
> Changing the user RID will break existing profiles. So how do we
> get around this? By setting the RID to be the same. I have some
> perl scripts that will transfer an smbpasswd into an LDAP tree
> while keeping this existing user RID (as defined by the algorithms
> currently coded in smbd).
>
> However, this migration strategy breaks the incremental RID
> allocation scheme used by the LDAP passwd backend.
>
> Finally, my point. I would like to allocate the RID's based
> upon the samba uid <-> RID mapping function implemented in
> the main branch.
>
> What say people to this?
>
Hi Jerry,

I have been working on this matter for some time. It seems that in my
setup, with mandatory profiles and a reg hack to delete local profiles,
the rid is of no importance. I even tried to change the rid of a machine
in the domain and it still was logging in the users. So if you have this
setup you can just assign a rid to the user :)

My question is: what about those who want to move from an NT server to
samba and LDAP? Since you said that they use the incremental version,
you will get conflicting rids when you try the samba uid <-> RID mapping
function. As I see it you will get in trouble one way or another. So my
suggestion is that you make a function that checks if the rid exists; if
it does, then try to increment and see if the new value is in use. Then
repeat until we find a rid that's not in use.

Cheers,
Inge-Håvard Hunstad
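
Added example (not part of the thread and not Samba source code): the collision check suggested in the reply above, sketched in C. It assumes an algorithmic mapping of rid = uid * 2 + 1000 and uses an in-memory array in place of a directory lookup; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed algorithmic mapping (not quoted in the thread):
 * rid = uid * 2 + 1000, low bit 0 = user, 1 = group. */
#define RID_BASE       1000u
#define RID_MULTIPLIER 2u

static uint32_t uid_to_user_rid(uint32_t uid)
{
    return uid * RID_MULTIPLIER + RID_BASE;
}

/* Hypothetical stand-in for an LDAP search on the rid attribute. */
static int rid_in_use(const uint32_t *used, size_t n, uint32_t rid)
{
    for (size_t i = 0; i < n; i++)
        if (used[i] == rid)
            return 1;
    return 0;
}

/* Start at the algorithmic RID and probe upward while the value is taken.
 * Stepping by RID_MULTIPLIER (a choice made in this example) keeps the
 * result in the user slot of the assumed mapping. *moved is set when the
 * result differs from the algorithmic RID, so the caller knows it must be
 * stored in the entry and cannot be recomputed from the uid.
 * Returns 0 if the 32-bit RID space is exhausted. */
static uint32_t alloc_user_rid(uint32_t uid, const uint32_t *used, size_t n,
                               int *moved)
{
    uint32_t start = uid_to_user_rid(uid), rid = start;
    while (rid_in_use(used, n, rid)) {
        if (rid > UINT32_MAX - RID_MULTIPLIER)
            return 0;
        rid += RID_MULTIPLIER;
    }
    *moved = (rid != start);
    return rid;
}

int main(void)
{
    /* Constructed sample: RIDs already imported from an NT domain. */
    const uint32_t used[] = { 1000, 1001, 1002, 1004, 1007 };
    int moved = 0;
    uint32_t rid = alloc_user_rid(1, used, 5, &moved);
    printf("uid 1 -> rid %u (moved=%d)\n", (unsigned)rid, moved);
    return 0;
}
```

A RID that had to move no longer matches the uid-derived value, so the reverse RID-to-uid calculation cannot be used for that account and the stored attribute becomes the authority.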