Samba4 idmap using uidNumber/gidNumber

Matthieu Patou mat at
Sun Jun 10 17:59:19 MDT 2012

Hello Gemes,

> Regarding groups which need to have also an uid, IMHO the best solution
> would be to have the idmap.ldb in the directory for example as a new
> partition, then for each SID->uid or uid->SID map which won't get a
> result from the main partition, searching the idmap.ldb would give an
> uniform answer across the domain.
It's a seducing idea but it has a couple of implications and corner cases:

* conflict can still happen: 2 DC allocating the a different uid for a 
given group because they were requested to do so before replication has 
* search to a full blown ldb is much much much more slower than a search 
to a standalone ldb, even if you might not notice it on a small 
provision it will be much more noticeable on bigger provision and there 
will be case when you don't want to have to pay this price.


Matthieu Patou
Samba Team

More information about the samba-technical mailing list