Samba3/LDAP: sambaPrimaryGroupSID
Michael Ströder
michael at stroeder.com
Mon Mar 30 11:12:13 GMT 2009
Volker Lendecke wrote:
> On Mon, Mar 30, 2009 at 11:43:40AM +0200, Michael Ströder wrote:
>>> sambaPrimaryGroupSID these days is ignored.
>>> [..]
>>> We always calculate it from the user's primary gid.
>> Doesn't that mean that every user entry with AUXILIARY object class
>> sambaSamAccount als MUST have gidNumber set? If yes, it would be worth
>> adding gidNumber to MUST attrs of sambaSamAccount to make that obvious.
>> Note that someone might want to add an Samba user entry without
>> posixAccount object class.
>>
>> Probably same question for attribute uidNumber since I guess you
>> calculate the user's sambaSID from this too?
>
> No, that's not a good idea. There are installations out
> there which don't have the nss info in LDAP, only the samba
> objects are there. For those installations the mapping is
> done via the name.
Which "name"? The value of attribute "uid"? Note that "uid" might be
multi-valued...(yes, I'm nitpicking here ;-)
Ciao, Michael.
More information about the samba-technical
mailing list