[PATCH] ldap connection caching (not ready!!!)
Stefan (metze) Metzmacher
metze at metzemix.de
Fri Oct 18 08:57:00 GMT 2002
At 10:30 18.10.2002 +0200, Ignacio Coupeau wrote:
>Stefan (metze) Metzmacher wrote:
>!!! a few line above I read 'return NT_STATUS_OK' but it
>>was 'ret = NT_STATUS_OK' :-(
>>but now it works! :-)
>>what I need is to test is the non_unix_account stuff.
Should this mail a responde to the id allocator patch???
>I browsed the code and the ldap schema changes... if I don't
>misunderstand, the the nextrid is used only for non_unix_account, and the
>algorithmic mapping for unix accounts, rigth?
there is no nextrid attribute in HEAD or 3_0
>So, the other question is if a non_unix_account should be in only-one
>domain? In other words: if an user logs in the domain x the ldap stuff
>will provide a rid-x only useable for the domain-x?
>
>I wonder if this may be a strong restriction for large sites with "n"
>domains and only-one ldap base... because the administrators should
>maintain n accounts/rid per-user for access to the n domains. On the other
>hand, if the domain attr takes n-values may solve the multiple logon but
>the rid space may be broken.
you can have only one samba domain in one ldap tree, all samba related
objects have only a rid and a full sid and the attribute 'domain' is not
used at the moment.
metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de>
More information about the samba-technical
mailing list