[PATCH] samba-tool: make 'samba-tool user create' work like ADUC
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Jun 25 13:36:40 MDT 2015
On Thu, Jun 25, 2015 at 10:23:07AM -0700, Jeremy Allison wrote:
> On Thu, Jun 25, 2015 at 11:48:36AM +0300, Alexander Bokovoy wrote:
> > > > similar to idmap_rid based on the slice.
> > >
> > > fwiw:
> > > => idmap_autorid
> > Yes, this is one option from which sssd-ad derived its inspiration.
> > There is a difference, though, as autorid tends to produce
> > non-deterministic ordering of the domain-to-range mappings.
>
> Hmmm. Is there a way that can be fixed, or would it
> only be available for idmap_autorid2 ?
There's idmap_rid and idmap_hash. Both are deterministic.
One is manual config, the other one is very likely to
produce collisions. You just can't squeeze SIDs into a
32-bit space deterministically and bidirectional. If you
can, I think that would be worth a Fields Medal.
Maybe now that we get richacls we should ask for 128 bit
uids. Problem solved.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical
mailing list