Commit my stuff to 3.0?

Andrew Bartlett abartlet at samba.org
Sun Oct 13 12:59:00 GMT 2002


Simo Sorce wrote:
> 
> > > > We have many of these problems already, but they get worse when
> > > > allocated RIDs are the norm, rather than the exception.  Perhaps we
> > > > should move SID->uid and uid->SID stuff into a separate module?  This
> > > > was something we were looking at for the 'new SAM', but maybe we need it
> > > > sooner.  (It is not dependent on the rest of the work).
> > >
> > > I remember the word SURS.... ;-) I think this would not help. We will
> > > never be perfect NT, we will always have rough edges. But at least if
> > > the behaviour is known and documented, I would be happy. I need to
> > > *explain* that stuff to people sitting in courses. For this simplicity
> > > is really important.
> >
> > Yes, we need a simple solution, but I'm not sure there is one...
> 
> Isn't idmap the right place to go?

I think so.  And I think we can construct one that makes sense for
admins.  For example, we could construct an LDAP based one that uses
the uidNumber on the user's LDAP record.  

We might end up doing this via the passdb interface (despite the fact I
was really hoping to move unix stuff out of there) because I found the
performance issues surrounding the current stuff to be problematic.  :-(

Whatever we do, uid->sid and sid->uid needs to be a single lookup. 

idra:  you proposed (and even added) these to the passdb API a little
while back.  Do you think that's still a viable solution?  If we
implement the 'ldap trust uids' thing (stops Get_Pwnam() inside ldap)
then this would certainly scale much better than existing code.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net


