About ldapsam:editposix
simo
idra at samba.org
Thu Mar 2 13:55:29 GMT 2006
On Thu, 2006-03-02 at 14:22 +0100, Stéphane Purnelle wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I read your new parameter ldapsam:editposix.
> And I think that is a good functionnality.
>
> But, Why I must run winbind on my samba PDC ?
> The maintener of Idealx script and John H Terpstra decided to put
> uidNumber and gidNumber
> attribute into the schema sambaUnixIdPooldn (object where you want to
> store the next uidNumber and gidNumber available for new users and
> groups).
>
> http://ftp.easynet.be/samba/docs/man/Samba3-ByExample/happy.html#sbeidealx
>
> Why you don't use these attribute ?
1. To have a consistent central point of management of ids, so that I do
not have to implement the mapping logic again, winbind already does it
and if you use idamp backend = ldap (and I recommend it in this setup)
you keep everything on ldap anyway.
2. Winbind should be used even on DCs anyway, it gives you a single
channel to connect to other DCs, and make your server support trusted
users and nested groups.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba-technical
mailing list