[PATCH] Check idmap config with testparm

Volker Lendecke vl at samba.org
Thu Dec 8 10:02:01 UTC 2016


On Thu, Dec 08, 2016 at 09:46:49AM +0000, Rowland Penny wrote:
> I think we need to decide one way or the other, at the moment on this
> Samba wiki page:
> 
> https://wiki.samba.org/index.php/Idmap_config_ad
> 
> Under the heading:
> 
> Advantages and Disadvantages of the ad Back End
> 
> and sub heading:
> 
> Disadvantages:
> 
> It says this:
> 
> If the Windows Active Directory Users and Computers (ADUC) program is
> not used, you have to manual track ID values to avoid duplicates.
> 
> So with one hand we are saying it is okay to use the
> msSFU30Max*idNumber attributes, but on the other hand it isn't if you
> use samba-tool. This is a bit inconsistent.

I'm afraid that I was just looking at it from a samba member
perspective. For the AD DC to handle this properly we need to implement
the rid allocation algorithm also for unix ids, but this time globally
across the whole forest. But this horse has been beaten to death so many
times that I'm not sure we still have remnants of its corpse around.

Volker



More information about the samba-technical mailing list