About ldapsam:editposix

simo idra at samba.org
Thu Mar 2 13:55:29 GMT 2006

On Thu, 2006-03-02 at 14:22 +0100, Stéphane Purnelle wrote:
> Hash: SHA1
> Hi,
> I read your new parameter ldapsam:editposix.
> And I think that is a good functionnality.
> But, Why I must run winbind on my samba PDC ?
> The maintener of Idealx script and John H Terpstra decided to put
> uidNumber and gidNumber
> attribute into the schema sambaUnixIdPooldn (object where you want to
> store the next uidNumber and gidNumber available for new users and
> groups).
> http://ftp.easynet.be/samba/docs/man/Samba3-ByExample/happy.html#sbeidealx
> Why you don't use these attribute ?

1. To have a consistent central point of management of ids, so that I do
not have to implement the mapping logic again, winbind already does it
and if you use idamp backend = ldap (and I recommend it in this setup)
you keep everything on ldap anyway.

2. Winbind should be used even on DCs anyway, it gives you a single
channel to connect to other DCs, and make your server support trusted
users and nested groups.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org

More information about the samba-technical mailing list