Primary Group SID

Bostjan Golob golob at
Mon Feb 9 20:27:09 GMT 2004

On Mon, 2004-02-09 at 21:11, Andrew Bartlett wrote:
> On Tue, 2004-02-10 at 06:21, Bostjan Golob wrote:
> > I hacked together a little patch for the LDAP backend that resolves a
> > user's primary gid into a SID and uses that as the primary group SID. If
> > the group has no mapping, the user gets the Domain Users group as the
> > primary group.
> > 
> > This is just a quick proof-of-concept patch that probably needs some
> > polishing and moving into a more general location. If people are
> > satisfied with this patch, I'll make a more general one (a bit out of
> > practice with samba code at the moment :).
> I don't like the getpwnam() lookup.  Now I remember what happened to
> this code...
> I would prefer that we re-introduced the code to look at gidNumber, and
> translate it on that basis.  If the group mapping does not exist, then
> the algorithmic mapping should be used.

That was my first intent, but I went with getpwnam() because in my case,
I have separate LDAP trees for samba and posix users (for testing now)
and the sambaSamAccount had no gidNumber. Also, the root account has no
posixAccount entry in LDAP, only a sambaSamAccount for joining the
machines in the domain and so on. 

Bostjan Golob

> Andrew Bartlett

More information about the samba-technical mailing list