sambaSID in the sambaSamAccount a good idea?
abartlet at samba.org
Wed Jun 25 07:46:22 GMT 2003
On Wed, 2003-06-25 at 17:11, Volker Lendecke wrote:
> On Wed, Jun 25, 2003 at 09:55:12AM +1000, Andrew Bartlett wrote:
> > The correct solution (for which I'll produce a patch) is to assert that
> > the SID stored in secrets.tdb is always the SID stored in LDAP for the
> > domain, and update secrets.tdb is we need to.
> Hmmm. I'm still not convinced.
> What does this gain us feature-wise, not implementation-wise? IMO a change in
> behaviour should really be backed by a good new feature that we get.
A consistent ldap IDMAP. (Otherwise we would need to special-case
between entries in this domain (using rids), and entries in others
(using full sids))
> A little argument might be that NT only stores the RID in its SAM as well, as
> you can see from the SAM_ACCOUNT_INFO delta.
And Win2k only stores SIDs in LDAP.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030625/70275e99/attachment.bin
More information about the samba-technical