Samba4 patch for manipulating Unix attributes via ADUC

Robert Colquhoun robert.colquhoun at
Sat Jul 14 00:14:34 MDT 2012

On Thu, Jul 12, 2012 at 11:11 AM, Andrew Bartlett <abartlet at> wrote:
> How does the max uid/gid thing work, particularly with distributed user
> creation?  (This is why we never tried this before, because we were told
> that no such mechanism existed).

I don't know if this is relevant but openldap has a mechanism for the
above using overlays:

Basically the ldap server needs to intercept add and modifies and call
a handler which then checks (hopefully indexed) attribute for
suitability ie unique.

I would imagine in any normal system adding or modifying users would
be well less than 1% of reads and thus safe to make relatively
expensive operation to perform.

Adding max uid/gid would require some kind of transaction support as
would need to increment those values and add the user in a single
operation or cancel everything.

Other way is to create some sort of samba private area in ldap and use
the uids and gids encoded into the dn as that is guaranteed to be
unique when doing an add

- Robert

More information about the samba-technical mailing list