Samba3/LDAP: sambaPrimaryGroupSID

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Mar 30 09:56:31 GMT 2009


On Mon, Mar 30, 2009 at 11:43:40AM +0200, Michael Ströder wrote:
> > sambaPrimaryGroupSID these days is ignored.
> 
> Since which version?

I'd have to look. But for sure since 3.2. Might even be
since 3.0.25 or so.

> > We always calculate it from the user's primary gid.
> 
> Doesn't that mean that every user entry with AUXILIARY object class
> sambaSamAccount als MUST have gidNumber set? If yes, it would be worth
> adding gidNumber to MUST attrs of sambaSamAccount to make that obvious.
> Note that someone might want to add an Samba user entry without
> posixAccount object class.
> 
> Probably same question for attribute uidNumber since I guess you
> calculate the user's sambaSID from this too?

No, that's not a good idea. There are installations out
there which don't have the nss info in LDAP, only the samba
objects are there. For those installations the mapping is
done via the name.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20090330/c1644bdf/attachment.bin


More information about the samba-technical mailing list