'On the Fly' mappings and PDC/BDC interactions

[Andrew Bartlett]

I'm just wondering if anybody has considered the impact of creating 'on
the fly' mappings for groups/users (uid->sid stuff) and how this plays
with PDC/BDC relationships...

If we have a BDC that is asked for a not-yet-mapped group, and gives it
a SID, how do we get that information back to the PDC?

In particular, I don't like the idea that the BDC must contact the PDC
in real time here - that would seem to defeat the point of having a
PDC/BDC.  (In particular, I can imagine setups where the BDC simply
cannot contact the PDC ever, and just assumes LDAP handles the
replications).  

Also, it would of course need to play with 'net rpc vampire'
correctly...

Anyway, this area is messy.

Andrew Bartlett
-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net