Does anybody use idmap_adex?

Gerald Carter jerry at
Mon Jun 28 09:37:28 MDT 2010

(sorry...I keep sending from my work address which is not
subscribed to the lists)

Hey Simo,

On 06/28/2010 10:29 AM, simo wrote:

> Ok, for some reason I thought information was maintained
> on your side of the trust using the cells.

Sort of correct.  But these are specific OU cells and not
a forest wide cell.  At the risk of digressing into a Likewise
specific thing, an OU cell stores the meta data for objects
in a container inside the OU.  So you can add a user or group
across a one-way trust to an OU cell and the UNIX attribute
information is stored inside the OU in *your* domain.
So in this case, you don't send LDAP queries across a one-way
trust.  In the RFC2307 forest cell case, the UNIX attribute
information is stored *on* the actual user and group object.

Idmap_adex only supported the RFC2307 forest "cell" since this
was easy to do using the MS "Identity Services for Unix" management

Make sense?

cheers, jerry
Director of Engineering            

More information about the samba-technical mailing list