[PATCH] samba-tool: make 'samba-tool user create' work like ADUC

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Jun 25 13:39:54 MDT 2015


On Thu, Jun 25, 2015 at 09:36:40PM +0200, Volker Lendecke wrote:
> On Thu, Jun 25, 2015 at 10:23:07AM -0700, Jeremy Allison wrote:
> > On Thu, Jun 25, 2015 at 11:48:36AM +0300, Alexander Bokovoy wrote:
> > > > >        similar to idmap_rid based on the slice.
> > > > 
> > > > fwiw:
> > > > => idmap_autorid
> > > Yes, this is one option from which sssd-ad derived its inspiration.
> > > There is a difference, though, as autorid tends to produce
> > > non-deterministic ordering of the domain-to-range mappings.
> > 
> > Hmmm. Is there a way that can be fixed, or would it
> > only be available for idmap_autorid2 ?
> 
> There's idmap_rid and idmap_hash. Both are deterministic.
> One is manual config, the other one is very likely to
> produce collisions. You just can't squeeze SIDs into a
> 32-bit space deterministically and bidirectional. If you
> can, I think that would be worth a Fields Medal.

Oh, just read: For the Fields Medal you have to be younger
than 40 years. That's over for many of us, sorry...

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de


More information about the samba-technical mailing list