get_domain_user_groups() improvement.

Andrew Bartlett abartlet at
Fri Sep 24 09:19:18 GMT 2004

On Fri, 2004-09-24 at 18:25, Simo Sorce wrote:
> On Thu, 2004-09-23 at 17:14, Igor Belyi wrote:
> > Gerald (Jerry) Carter wrote:
> > 
> > > Andrew Bartlett wrote:
> > > |> Maybe you don't care about it anymore, but those people
> > > | Sorry - I didn't mean it to come across like that.  Of
> > > I should have added a note that this was not a
> > > personal comment.  I just want to make sure that no
> > 
> > 
> > I didn't mean to stir a fight... (mwa-ha-ha!) ;o)
> > 
> > Just to clarify the idea - pushing _all_ NSS calls from common pdbpass 
> > functions into backends and letting ldapsam backend assume that UNIX 
> > accounts and groups are in traditianal LDAP objects while keeping all 
> > other backends to use NSS calls is the right approach. Is that correct?
> no, sorry that is not correct.
> There is always one account that do not obey that rule, that's root
> (never seen anybody putting it into ldap, it is always in /etc/passwd).

I regularly put it in LDAP, just as a duplicate of the posix data (but
without the shadow parts).

> And I've seen other environments that also use ldap only for samba user
> part storage and not for unix user storage (no nss_ldap on the system).

How is the group mapping handled in this case?  (Given it's so closely
tied to the posixGroup).

Given we are trying to fix the groups side only, I think the assumptions
are reasonable.  

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Authentication Developer, Samba Team  
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list