CVS update: samba/source/auth
Andrew Bartlett
abartlet at samba.org
Tue May 13 23:11:33 GMT 2003
On Wed, 2003-05-14 at 01:31, Simo wrote:
> Seem resonable, I'm ok with your proposal.
> Do you have any comments on the idmap_ldap patch?
It was reading that patch that made me find the pdb_ldap bugs :-).
Once we get the pdb_ldap code right again, and again copy that common
code across, it looks fine. (But it was a very quick look).
> I have some doubt about using both sambaAccount and idmapEntry to store
> the SID<->ugid mappings
>
> I think we should use a unique objectclass, perhaps binding it to the
> user when it exist.
If I read it correctly, that's what it does. What I want is a
co-incidence of sambaAccount and uidNumber or sambaGroup and gidNumber
to be considered a 'valid' group mapping entry, without any changes.
(This allows upgrades from 2.2 and 3.0 where it will 'just work' even
for sites with RIDs that were set by NT).
When we are doing a new mapping, then the new objectClass should be
used.
Andrew,
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030514/410fa251/attachment.bin
More information about the samba-technical
mailing list