Samba3/LDAP: sambaGroupMapping with sambaSIDList or memberUid?
Michael Ströder
michael at stroeder.com
Mon Mar 30 09:34:55 GMT 2009
Volker Lendecke wrote:
> On Mon, Mar 30, 2009 at 01:57:32AM +0200, Michael Ströder wrote:
>> What's the exact semantics of sambaGroupMapping entry?
>>
>> sambaGroupMapping is declared as AUXILIARY and the common examples show
>> it to be used in conjunction with STRUCTURAL object class posixGroup.
>> But there seems to be another case with attribute sambaSIDList being
>> used to hold the reference to the group member.
>>
>> So I wonder whether a user is member of a Samba group
>> 1. if only his uid is in posixGroup->memberUid or
>> 2. whether his sambaSID has also to be added to
>> sambaGroupMapping->sambaSIDList.
>
> sambaSIDList is being used for so-called local groups
Are local groups stored in the LDAP backend at all?
Which sambaGroupType value do they have?
> or aliases (type 4). These can contain arbitrary SIDs, in particular
> they can contain members from other domains. This is not really
> representable by memberUid.
Ok.
> For domain groups (type 4)
Arent's domain groups type 2?
> memberUid (or whatever NSS has to say) defines the members.
Ok, thanks.
Ciao, Michael.
More information about the samba-technical
mailing list