Proposal/Idea: Remove support for using rfc2307 attributes for s4 id-mapping?

simo idra at
Mon Oct 15 09:48:30 MDT 2012

On Mon, 2012-10-15 at 17:10 +0200, steve wrote:
> On 15/10/12 16:51, Michael Adam wrote:
> >
> > - Addressing one frequent request:
> >    There is no good reason I know for requiring a user/group to
> >    have the same unix-ID on all DCs for a given domain.
> It is of vital importance for those of us who have Linux clients in the 
> domain and serve them using NFS, that uidNumber and gidNumber remain the 
> same no matter which DC is queried. When a user or group is created, we 
> add the necessary rfc2307 classes and attributes to AD. We bypass 
> idmap.ldb altogether. idmap_use:rfc2307 = Yes allows us to do this.
> Please do not remove this excellent facility.
> -1 to the proposal.
> Cheers,
> Steve

Steve I up the ante, I wouls like to remove idmap.ldb entirely, and use
rfc2307 attributes as the only idmap facility (for our own


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Principal Software Engineer at Red Hat, Inc. <simo at>

More information about the samba-technical mailing list