id mapping again: Mixed RFC2307 and algorithmic mappings
Alexander Bokovoy
ab at samba.org
Thu May 19 08:44:44 UTC 2016
On Wed, 18 May 2016, Richard Sharpe wrote:
> On Wed, May 18, 2016 at 9:39 PM, Volker Lendecke
> <Volker.Lendecke at sernet.de> wrote:
> > On Wed, May 18, 2016 at 03:37:29PM -0700, Richard Sharpe wrote:
> >> Does winbindd have the ability to do the following:
> >>
> >> 1. Use rfc2307, but if you cannot find the uidNumber,gidNumber
> >> attributes on the user account,
> >> 2. Fall back to using autorid mappings?
> >>
> >> A quick looks at the code suggests that this is not possible, but I
> >> might be wrong.
> >>
> >> However, I imagine that for many organizations, there are a few
> >> accounts with rfc2307 attributes on them, but the majority do not use
> >> UNIX and thus do not need a UID or GID etc.
> >
> > No, I don't know a way right now to do that. It is a very worthwhile
> > goal to get at of course. However, it's not entirely trivial -- what
> > happens for example if an account that did not have unix attributes
> > get some? It might have been mapped before with autorid, files might
> > have been assigned to that autorid uid. Without the autorid fallback,
> > this can't really happen so far. With the fallback, we need to at
> > least decide what to do or not to do in that case.
>
> Yes, Steve and I discussed exactly that.
>
> Such a user is screwed until things are fixed up, which is not pleasant :-(
I'd like to know what software they use right now to merge information
about the user entries? None of existing LDAP-based NSS modules support
it.
--
/ Alexander Bokovoy
More information about the samba-technical
mailing list