[PATCH] Duplicate GIDs in supplementary groups

Gerald (Jerry) Carter jerry at samba.org
Mon Apr 19 22:21:08 GMT 2004

Klinger, John (N-CSC) wrote:
> Samba 3.0.1, security=ads, idmap backend=ldap:ldap:...
> This patch was needed because we had mapped a large number of
> Active Directory groups to a single Unix group. We did this by 
> allowing the OpenLDAP backend (2.1.23) to populate via 
> "getent group" and "getent passwd", then modifying the OpenLDAP 
> SID=>gid mappings to map to a specific gid. The Samba daemons 
> were then stopped, the tdb caches removed, and the daemons 
> restarted.
> Without this patch, if a user belonged to 16 groups that mapped 
> to the same gid, they would have every one of those groups in 
> their supplementary group list, with the same gid repeated for 
> each one. With this path, the gid will appear in the 
> supplementary group list only once.


I'm checking in a variation of this for 3.0.3.  Didn't use
your patch since I had to share code between smbd and

cheers, jerry
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting

More information about the samba-technical mailing list