LDAP PDB and IDMAP design and implementation
Steve Langasek
vorlon at netexpress.net
Fri Jun 20 16:02:40 GMT 2003
On Tue, Jun 17, 2003 at 10:03:15PM +1000, Andrew Bartlett wrote:
> Finally, (and more controversially) I would suggest that we change the
> way the idmap entries are stored in LDAP to use the DOMAIN SID as the DN
> component, not the unix userid.
> Generally in idmap, it is the Domain SID that is the descriptive aspect
> of the entry, and there is a proposal to have such a domain sid map to
> both a unix UID and a unix GID. Even if this is never taken up, it
> would seem to be better to allow for this change now, rather than
> figuring it out later.
> This would make the DN:
> sambaSID=S-1-5-21-4117985702-3860941512-23890400-512,ou=idmap,dc=bartlett,dc=house.
That's a pretty ugly DN. :) Why would it ever be useful to try to map a
single SID to both a uid and a gid?
--
Steve Langasek
postmodern programmer