A RID allocator and its consequences

Volker.Lendecke at SerNet.DE Volker.Lendecke at SerNet.DE
Fri Sep 27 07:40:00 GMT 2002

Hash: SHA1

> pdb_smbpasswd and pdb_unixsam both use the code in passdb.c
> (pdb_fill_sam_pw()) to construct their SAM_ACCOUNT, and to do uid->sid
> mapping.  In fact, becouse of this, smbpasswd already uses the gid code
> to determine the primary group RID on the fly. 

My thought was that pdb_smbpasswd has to tell get_group_from_gid that
in this particular case we need the algorithmic mapping. The RID
allocator will interfere with the algorithmic mapping for uids for

> > What crazy stuff do you mean? unixsam_update_sam_account?
> That certainly sounds familure.

And I'm still looking at the consequences of that hack. I'll tell you
what I think later :-)

> As long as we have never made an implicit mapping between that uid and
> RID, then it's fine. 

That's what I'm trying to hammer out currently.

> One of the ideas with the new SAM stuff is that we always control
> this mapping - it's the autoalgoirthmic stuff that kills us here...

Diggin through the muddy waters of fallback_pdb_* ...

> The only other trick is 'outside modification'.  When people put this
> stuff into LDAP, they often like to modify it directly.  This may be 'a
> bad thing', but it's also somthing we must at least tolerate.  (I
> certainly do it at my site).  Therefore having the max rid stuff in LDAP
> might be benifitial.

Yes. As I said, this was code of about 3 hours. But following Eric
Raymond: Release early, release often.


Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Key-ID ADE377D8, Fingerprint available: phone +49 551 3700000


More information about the samba-technical mailing list