[PATCH] Duplicate GIDs in supplementary groups
Gerald (Jerry) Carter
jerry at samba.org
Mon Apr 19 22:21:08 GMT 2004
Klinger, John (N-CSC) wrote:
> Samba 3.0.1, security=ads, idmap backend=ldap:ldap:...
>
> This patch was needed because we had mapped a large number of
> Active Directory groups to a single Unix group. We did this by
> allowing the OpenLDAP backend (2.1.23) to populate via
> "getent group" and "getent passwd", then modifying the OpenLDAP
> SID=>gid mappings to map to a specific gid. The Samba daemons
> were then stopped, the tdb caches removed, and the daemons
> restarted.
>
> Without this patch, if a user belonged to 16 groups that mapped
> to the same gid, they would have every one of those groups in
> their supplementary group list, with the same gid repeated for
> each one. With this path, the gid will appear in the
> supplementary group list only once.
John,
I'm checking in a variation of this for 3.0.3. Didn't use
your patch since I had to share code between smbd and
winbind.
cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
More information about the samba-technical
mailing list