[PATCH] Check idmap config with testparm
repenny241155 at gmail.com
Thu Dec 8 10:14:39 UTC 2016
On Thu, 8 Dec 2016 11:02:01 +0100
Volker Lendecke <vl at samba.org> wrote:
> On Thu, Dec 08, 2016 at 09:46:49AM +0000, Rowland Penny wrote:
> > I think we need to decide one way or the other, at the moment on
> > this Samba wiki page:
> > https://wiki.samba.org/index.php/Idmap_config_ad
> > Under the heading:
> > Advantages and Disadvantages of the ad Back End
> > and sub heading:
> > Disadvantages:
> > It says this:
> > If the Windows Active Directory Users and Computers (ADUC) program
> > is not used, you have to manual track ID values to avoid duplicates.
> > So with one hand we are saying it is okay to use the
> > msSFU30Max*idNumber attributes, but on the other hand it isn't if
> > you use samba-tool. This is a bit inconsistent.
> I'm afraid that I was just looking at it from a samba member
> perspective. For the AD DC to handle this properly we need to
> implement the rid allocation algorithm also for unix ids, but this
> time globally across the whole forest. But this horse has been beaten
> to death so many times that I'm not sure we still have remnants of
> its corpse around.
I think you are missing the point here, if you use ADUC, you use the
msSFU30Max*idNumber attributes. If you use samba-tool, you don't.
This is inconsistent, it is either okay to use the msSFU30Max*idNumber
attributes or it isn't, which is it ?
More information about the samba-technical