Do SID and UID mapping need to be one-to-one ?

Gerald (Jerry) Carter jerry at
Tue Nov 7 17:31:37 GMT 2006

Hash: SHA1

Copying the ml back to the CC list:

sambatech.20.nirsoffer at wrote:

>> We don't support this in the general sense in Winbindd.
>> We need to be able to derive the name/SID/uid of a user
>> given only piece of the triple.  And the mapping must
>                                    ^^^^^^^^^^^^^^^^^^^^
>> be symmetric.
>   ^^^^^^^^^^^^^
> Why must the mapping be symmetric? If for instance:
> SID(a)->UID(1)
> SID(b)->UID(1)
> UID(1)->SID(a)
> Then indeed converting SID(b) to UID(1) and then the 
> inverse will result in SID(a), but why is that a problem?
> Is there a compelling reason that the mapping be symmetric?
> I simply can't understand why Samba needs to assume that.

For example, How do you know what SID to report in a security
descriptor for a file?  You have to convert the uid to to a SID.
You say that you solve this by choosing the last logged on user.
What does that mean anyways?  desktop login?  smbd connection?

> So just to make sure I understand - the assumption that 
> the mapping is symmetric is to have consistency OUTSIDE Samba,
> and is not an assumption that Samba relies on? I'm only
> asking because I see it is asserted in the code.

You can do anything you like with the code under constraints
the GPL, but this type of design would not be accepted back
into the main tree.   :-)

cheers, jerry
Samba                                    -------
Centeris                         -----------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE -


More information about the samba-technical mailing list