get_domain_user_groups() improvement.
Andrew Bartlett
abartlet at samba.org
Fri Sep 24 22:32:33 GMT 2004
On Sat, 2004-09-25 at 08:24, Volker Lendecke wrote:
> On Sat, Sep 25, 2004 at 08:12:46AM +1000, Andrew Bartlett wrote:
> > In the past, we have had a parameter 'ldap trust ids'. It was pulled
>
> I'm not sure I'm entirely comfortable with that idea. There was a reason why
> that parameter was removed, although I don't remember it anymore.
The parameter was removed because the code morphed into a form that
didn't use it. That was unfortunate, as at one point it actually fixed
your biggest bug-bear - the sambaPrimaryGroupSid.
> The reason I'm worried is that this is really security-sensitive stuff.
So is everything else we have in LDAP. So I don't think 'can we trust
the data in ldap' is really the question. I agree that some of our more
insane admins might put completely conflicting data in ldap compared to
NSS, but we already have such a tight dependency there for groups
anyway...
Andrew Bartlett
--
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040925/c96a3602/attachment.bin
More information about the samba-technical
mailing list