Commit my stuff to 3.0?

Stefan (metze) Metzmacher metze at metzemix.de
Mon Oct 14 04:59:01 GMT 2002


At 15:57 13.10.2002 +0200, Simo Sorce wrote:
> > > But to use ldap as a central storage you have to solve how to handle
> > > foreign or builtin/special SIDs!

yes the builtin SIDs should only be shared between DCs.
maybe we shouldn't do lookups on the central idmap that contain builtin SIDs
and write unmapped in our local idmap (if domain logons = no).

1. so if we look up BUILTIN SID S-1-5-32-545 and don't find it in the local idmap:
we should write it to our local idmap and mark it as unmapped.
it will later be possible for the admin to manually map it via a tool like smbgroupedit.

2. if we look up a uid 5676 and don't find it in our local idmap, we look it up in the central
idmap. if it is mapped to a builtin sid, we should write it to our local idmap with unmapped.
it will later be possible for the admin to manually map it via a tool like smbgroupedit.

3. if we have domain logons = yes, we should skip 1. and 2.

> >
> > Well, I was only looking at mapping our own domain - I was thinking the
> > rest should happen via winbind.  However, it does make more sense that
> > this is all handled in one place.  I think we can deal with this.
>
>
>if you want it to be fast, better it stay in one place.
>
>
>Simo.


metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de>
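
Added example, not part of the original message and not Samba code: a sketch of the three lookup rules proposed above, with in-memory dicts standing in for the local and central (LDAP) idmaps. All names (IdMap, UNMAPPED, map_local) and the sample SIDs/ids are hypothetical, and caching non-builtin central hits locally is an assumption the message does not state.

```python
BUILTIN_PREFIX = "S-1-5-32-"   # BUILTIN domain SIDs, e.g. S-1-5-32-545
UNMAPPED = "unmapped"          # marker stored in the local idmap (hypothetical)

def is_builtin(sid):
    return sid.startswith(BUILTIN_PREFIX)

class IdMap:
    def __init__(self, central, domain_logons=False):
        # central: SID -> unix id, standing in for the shared central idmap
        self.central_by_sid = dict(central)
        self.central_by_id = {v: k for k, v in central.items()}
        self.local_by_sid = {}
        self.local_by_id = {}
        self.domain_logons = domain_logons

    def map_local(self, sid, unix_id):
        # Manual admin mapping (the role the message gives to smbgroupedit).
        self.local_by_sid[sid] = unix_id
        self.local_by_id[unix_id] = sid

    def sid_to_id(self, sid):
        if sid in self.local_by_sid:
            return self.local_by_sid[sid]
        # Rule 1: a non-DC does not ask the central idmap about a builtin SID.
        if is_builtin(sid) and not self.domain_logons:
            self.local_by_sid[sid] = UNMAPPED
            return UNMAPPED
        unix_id = self.central_by_sid.get(sid)
        if unix_id is not None:
            self.local_by_sid[sid] = unix_id   # assumption: cache central hits
        return unix_id

    def id_to_sid(self, unix_id):
        if unix_id in self.local_by_id:
            return self.local_by_id[unix_id]
        sid = self.central_by_id.get(unix_id)
        # Rule 2: a central hit that points at a builtin SID is stored as unmapped.
        if sid is not None and is_builtin(sid) and not self.domain_logons:
            self.local_by_id[unix_id] = UNMAPPED
            return UNMAPPED
        if sid is not None:
            self.local_by_id[unix_id] = sid    # assumption: cache central hits
        return sid

# Constructed sample data: one builtin SID and one domain SID in the central idmap.
CENTRAL = {"S-1-5-32-545": 5676, "S-1-5-21-1-2-3-1001": 1001}
member = IdMap(CENTRAL, domain_logons=False)   # rules 1 and 2 apply
dc = IdMap(CENTRAL, domain_logons=True)        # rule 3: rules 1 and 2 are skipped
print(member.sid_to_id("S-1-5-32-545"), dc.sid_to_id("S-1-5-32-545"))
```
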



