id mapping again: Mixed RFC2307 and algorithmic mappings

[Richard Sharpe]

On Wed, May 18, 2016 at 9:39 PM, Volker Lendecke
<Volker.Lendecke at sernet.de> wrote:
> On Wed, May 18, 2016 at 03:37:29PM -0700, Richard Sharpe wrote:
>> Does winbindd have the ability to do the following:
>>
>> 1. Use rfc2307, but if you cannot find the uidNumber,gidNumber
>> attributes on the user account,
>> 2. Fall back to using autorid mappings?
>>
>> A quick looks at the code suggests that this is not possible, but I
>> might be wrong.
>>
>> However, I imagine that for many organizations, there are a few
>> accounts with rfc2307 attributes on them, but the majority do not use
>> UNIX and thus do not need a UID or GID etc.
>
> No, I don't know a way right now to do that. It is a very worthwhile
> goal to get at of course. However, it's not entirely trivial -- what
> happens for example if an account that did not have unix attributes
> get some? It might have been mapped before with autorid, files might
> have been assigned to that autorid uid. Without the autorid fallback,
> this can't really happen so far. With the fallback, we need to at
> least decide what to do or not to do in that case.

Yes, Steve and I discussed exactly that.

Such a user is screwed until things are fixed up, which is not pleasant :-(

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)