Samba3/LDAP: sambaGroupMapping with sambaSIDList or memberUid?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Mon Mar 30 03:14:10 GMT 2009
On Mon, Mar 30, 2009 at 01:57:32AM +0200, Michael Ströder wrote:
> What's the exact semantics of sambaGroupMapping entry?
>
> sambaGroupMapping is declared as AUXILIARY and the common examples show
> it to be used in conjunction with STRUCTURAL object class posixGroup.
> But there seems to be another case with attribute sambaSIDList being
> used to hold the reference to the group member.
>
> So I wonder whether a user is member of a Samba group
> 1. if only his uid is in posixGroup->memberUid or
> 2. whether his sambaSID has also to be added to
> sambaGroupMapping->sambaSIDList.
sambaSIDList is being used for so-called local groups or
aliases (type 4). These can contain arbitrary SIDs, in
particular they can contain members from other domains. This
is not really representable by memberUid.
For domain groups (type 4) memberUid (or whatever NSS has to
say) defines the members.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090330/0b5901a0/attachment.bin
More information about the samba-technical
mailing list