LDAP PDB and IDMAP design and implemenation
vorlon at netexpress.net
Fri Jun 20 16:02:40 GMT 2003
On Tue, Jun 17, 2003 at 10:03:15PM +1000, Andrew Bartlett wrote:
> Finally, (and more controversially) I would suggest that we change the
> way the idmap entires are store in LDAP to use the DOMAIN SID as the DN
> component, not the unix userid.
> Generally in idmap, it is the Domain SID that is the descriptive aspect
> of the entry, and there is a proposal to have such a domain sid map to
> both a unix UID and a unix GID. Even if this is never taken up, it
> would seem to be better to allow for this change now, rather than
> figuring it out later.
> This would make the DN:
That's a pretty ugly DN. :) Why would it ever be useful to try to map a
single SID to both a uid and a gid?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030620/8ecf6bc1/attachment.bin
More information about the samba-technical