Working on LDAP support in HEAD

Inge-Håvard Hunstad inge at cc.uit.no
Fri May 12 10:56:55 GMT 2000


Gerald Carter wrote:
> 
> [note that the original message has been cross posted to
> samba-ntdom at samba.org as well.  However, let's keep all
> discussion on samba-technical as that should make it easier
> to follow in the archives.   Thanks   --jerry]
> 
> Folks,
> 
> I need some input on a judgement call for fixing the LDAP
> support in the HEAD branch.
> 
> The issue is the allocation of user RID's in the LDAP entries.
> Under the scheme devised for SAMBA_TNG (I'm talking about the
> older LDAP schema), RID's are generated automatically and
> in a monotonically increasing order (like NT).  However,
> this will make it very difficult to migrate from smbpasswd to LDAP
> in a Samba controlled NT domain.
> 
> Why you ask? :-)
> 
> Changing the user RID will break existing profiles.  So how do we
> get around this?  By setting the RID to be the same.  I have some
> perl scripts that will transfer an smbpasswd into an LDAP tree
> while keeping this existing user RID (as defined by the algorithms
> currently coded in smbd).
> 
> However, this migration strategy breaks the incremental RID
> allocation scheme used by the LDAP passwd backend.
> 
> Finally, my point.  I would like to allocate the RID's based
> upon the samba uid <-> RID mapping function implemented in
> the main branch.
> 
> What say people to this?
> 
Hi Jerry,

I have been working on this matter for some time. It seems that in my
setup, with mandatory profiles and a reg hack to delete local profiles,
the rid is of no importance. I even tried to change the rid of a machine
in the domain and it still was logging in the users. So if you have this
setup you can just assign a rid to the user:)

My question is: what about those who want to move from an NT server to
samba and LDAP? Since you said that they use the incremental version,
you will get conflicting rids when you try the samba uid <-> RID mapping
function. As I see it you will get in trouble one way or another. So my
suggestion is that you make a function that checks if the rid exists; if
it does, then try to increment and see if the new value is in use. Then
repeat until we find a rid that's not in use.

Cheers,

Inge-Håvard Hunstad
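
The check-and-increment allocation suggested in the reply above, as an added example that is not code from the thread or from Samba. The `uid * 2 + 1000` mapping, the in-memory `rid_store` and all function names are assumptions standing in for smbd's mapping function and an LDAP lookup; the sample RIDs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_RIDS 64
struct rid_store { uint32_t used[MAX_RIDS]; size_t n; };

/* Assumed stand-in for smbd's uid <-> RID mapping (formula not in the thread). */
static uint32_t uid_to_rid(uint32_t uid) { return uid * 2u + 1000u; }

/* A real backend would search the LDAP tree for the RID; here a linear scan. */
static int rid_in_use(const struct rid_store *s, uint32_t rid)
{
    for (size_t i = 0; i < s->n; i++)
        if (s->used[i] == rid) return 1;
    return 0;
}

/* Start at the mapped RID and step upward until a free one is found.
 * Returns 0 on failure; *probed is 1 when the result differs from the mapping. */
uint32_t alloc_rid(struct rid_store *s, uint32_t uid, int *probed)
{
    uint32_t rid = uid_to_rid(uid);
    *probed = 0;
    if (s->n >= MAX_RIDS) return 0;
    while (rid_in_use(s, rid)) {
        if (rid == UINT32_MAX) return 0;   /* RID space exhausted */
        rid++;
        *probed = 1;
    }
    s->used[s->n++] = rid;                 /* reserve it before returning */
    return rid;
}

/* Constructed sample: RIDs 1000-1003 imported from an incrementally allocating NT server. */
struct rid_store sample_store(void)
{
    struct rid_store s = { {1000, 1001, 1002, 1003}, 4 };
    return s;
}

int main(void)
{
    struct rid_store s = sample_store();
    uint32_t uids[] = {0, 2, 600};
    int probed;
    for (size_t i = 0; i < 3; i++)
        printf("uid %u -> rid %u\n", (unsigned)uids[i], (unsigned)alloc_rid(&s, uids[i], &probed));
    return 0;
}
```

A probed RID no longer round-trips through the mapping, so it has to be stored with the entry, and each probe can take the slot another uid maps to (uid 0 takes 1004 here, pushing uid 2 to 1005). In a shared directory the check and the reservation must happen as one atomic step, otherwise two writers can hand out the same RID.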

