Samba3/LDAP: sambaPrimaryGroupSID
Michael Ströder
michael at stroeder.com
Mon Mar 30 09:43:40 GMT 2009
Volker Lendecke wrote:
> On Mon, Mar 30, 2009 at 01:33:19AM +0200, Michael Ströder wrote:
>> Is the value in sambaPrimaryGroupSID always supposed to be the value of
>> sambaSID in an *existing* LDAP entry? Or are there well-known SIDs
>> automagically used?
>>
>> I'm asking because I've declared a plugin class in web2ldap for
>> sambaPrimaryGroupSID which allows to search the possible values and
>> display a select list (see below). Obviously in this simple way all
>> possible values have to be present in entries on the LDAP server then.
>
> sambaPrimaryGroupSID these days is ignored.
Since which version?
> We always calculate it from the user's primary gid.
Doesn't that mean that every user entry with AUXILIARY object class
sambaSamAccount als MUST have gidNumber set? If yes, it would be worth
adding gidNumber to MUST attrs of sambaSamAccount to make that obvious.
Note that someone might want to add an Samba user entry without
posixAccount object class.
Probably same question for attribute uidNumber since I guess you
calculate the user's sambaSID from this too?
Ciao, Michael.
More information about the samba-technical
mailing list