[PATCH] ldap connection caching (not ready!!!)

Stefan (metze) Metzmacher metze at metzemix.de
Fri Oct 18 08:57:00 GMT 2002

At 10:30 18.10.2002 +0200, Ignacio Coupeau wrote:
>Stefan (metze) Metzmacher wrote:
>!!!  a few line above I read 'return NT_STATUS_OK' but it
>>was 'ret = NT_STATUS_OK'  :-(
>>but now it works! :-)
>>what I need is to test is the non_unix_account stuff.

Should this mail a responde to the id allocator patch???

>I browsed the code and the ldap schema changes... if I don't 
>misunderstand, the the nextrid is used only for non_unix_account, and the 
>algorithmic mapping for unix accounts, rigth?

there is no nextrid attribute in HEAD or 3_0

>So, the other question is if a non_unix_account should be in only-one 
>domain? In other words: if an user logs in the domain x the ldap stuff 
>will provide a rid-x only useable for the domain-x?
>I wonder if this may be a strong restriction for large sites with "n" 
>domains and only-one ldap base... because the administrators should 
>maintain n accounts/rid per-user for access to the n domains. On the other 
>hand, if the domain attr takes n-values may solve the multiple logon but 
>the rid space may be broken.

you can have only one samba domain in one ldap tree, all samba related 
objects have only a rid and a full sid and the attribute 'domain' is not 
used at the moment.

Stefan "metze" Metzmacher <metze at metzemix.de>

More information about the samba-technical mailing list