Does anybody use idmap_adex?
Gerald Carter
jerry at plainjoe.org
Mon Jun 28 09:37:28 MDT 2010
(sorry...I keep sending from my work address which is not
subscribed to the lists)
Hey Simo,
On 06/28/2010 10:29 AM, simo wrote:
> Ok, for some reason I thought information was maintained
> on your side of the trust using the cells.
Sort of correct. But these are specific OU cells and not
a forest wide cell. At the risk of digressing into a Likewise
specific thing, an OU cell stores the meta data for objects
in a container inside the OU. So you can add a user or group
across a one-way trust to an OU cell and the UNIX attribute
information is stored inside the OU in *your* domain.
So in this case, you don't send LDAP queries across a one-way
trust. In the RFC2307 forest cell case, the UNIX attribute
information is stored *on* the actual user and group object.
Idmap_adex only supported the RFC2307 forest "cell" since this
was easy to do using the MS "Identity Services for Unix" management
tools.
Make sense?
cheers, jerry
--
Director of Engineering http://www.likewise.com/
More information about the samba-technical
mailing list