sambaSID in the sambaSamAccount a good idea?
Andrew Bartlett
abartlet at samba.org
Wed Jun 25 07:46:22 GMT 2003
On Wed, 2003-06-25 at 17:11, Volker Lendecke wrote:
> On Wed, Jun 25, 2003 at 09:55:12AM +1000, Andrew Bartlett wrote:
> > The correct solution (for which I'll produce a patch) is to assert that
> > the SID stored in secrets.tdb is always the SID stored in LDAP for the
> > domain, and update secrets.tdb is we need to.
>
> Hmmm. I'm still not convinced.
>
> What does this gain us feature-wise, not implementation-wise? IMO a change in
> behaviour should really be backed by a good new feature that we get.
A consistent ldap IDMAP. (Otherwise we would need to special-case
between entries in this domain (using rids), and entries in others
(using full sids))
> A little argument might be that NT only stores the RID in its SAM as well, as
> you can see from the SAM_ACCOUNT_INFO delta.
And Win2k only stores SIDs in LDAP.
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030625/70275e99/attachment.bin
More information about the samba-technical
mailing list