Upgrade from S3 to a Samba4 DC [with LDAPSAM] [NOTE!]

Adam Tauno Williams awilliam at whitemice.org
Mon Sep 12 08:38:08 MDT 2011


Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
>> On Fri, 2011-09-09 at 14:27 +0200, Tarjei Huse wrote:
>>> On 09/08/2011 11:11 PM, Andrew Bartlett wrote:
>>>> On Thu, 2011-09-08 at 16:56 -0400, Adam Tauno Williams wrote:
>>>>> Gotcha.  And it goes much further.  Are users with the same name as
>>>>> groups an issue?  There is only one uid=bie object in the LDAPSAM.
>>>> Users with the same name as groups have always been prohibited in
>>>> Windows, even with NT4.  I'm not sure there is anything we can do except
>>>> fail here, but I'm open to suggestions.
>>> Document it?
>> It is reasonably well documented [I knew about it].  That is just an
>> NT/Windows thing.  Anyone managing Windows should already know about
>> that [from the Microsoft documentation], IMO.  The only real issue
>> regarding that is that S3 LDAPSAM was pretty fast-and-loose with
>> enforcing rules.   Does S3 LDAPSAM even use the "cn" attribute as the
>> group name?  It appears to use the "description" attribute in most
>> places [at least that is what appears on the screen when looking at a
>> security descriptor].
> Indeed it does use "description" as the name of at least the group  
> and that value is case-insensitive [again, obvious in hind-sight].

Nope, my bad.  The attribute that needs to be case-insensitive unique
is "displayName".
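
A pre-upgrade check for the name constraints discussed in this thread, as an added example that is not part of the original message or of Samba: it scans an LDIF export of the LDAPSAM tree for group "displayName" values that collide case-insensitively and for user "uid" values that match a group name. The sample LDIF, the function names, and the choice to compare "uid" against the group "displayName" are assumptions; base64-encoded and folded LDIF lines are not handled.

```python
from collections import defaultdict

# Constructed sample LDIF export, not taken from a real directory.
SAMPLE_LDIF = """\
dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: sambaGroupMapping
displayName: Staff

dn: cn=staff2,ou=Groups,dc=example,dc=com
objectClass: sambaGroupMapping
displayName: STAFF

dn: cn=bie,ou=Groups,dc=example,dc=com
objectClass: sambaGroupMapping
displayName: bie

dn: uid=bie,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uid: bie
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry (plain 'attr: value' lines only)."""
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and not attr.endswith(":"):  # skip base64 'attr:: value' lines
                entry[attr.lower()].append(value)
        if entry["dn"]:
            yield entry

def find_name_conflicts(text):
    """Return (duplicate group names, user/group name clashes), keyed by casefolded name."""
    groups = defaultdict(list)  # casefolded displayName -> group DNs
    users = {}                  # casefolded uid -> user DN
    for e in parse_ldif(text):
        classes = {c.lower() for c in e["objectclass"]}
        if "sambagroupmapping" in classes:
            for name in e["displayname"]:
                groups[name.casefold()].append(e["dn"][0])
        if "sambasamaccount" in classes:
            for uid in e["uid"]:
                users[uid.casefold()] = e["dn"][0]
    duplicates = {n: dns for n, dns in groups.items() if len(dns) > 1}
    clashes = {n: (users[n], groups[n]) for n in groups if n in users}
    return duplicates, clashes
```
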


