id mapping again: Mixed RFC2307 and algorithmic mappings
Richard Sharpe
realrichardsharpe at gmail.com
Thu May 19 13:41:07 UTC 2016
On Thu, May 19, 2016 at 1:44 AM, Alexander Bokovoy <ab at samba.org> wrote:
> On Wed, 18 May 2016, Richard Sharpe wrote:
>> On Wed, May 18, 2016 at 9:39 PM, Volker Lendecke
>> <Volker.Lendecke at sernet.de> wrote:
>> > On Wed, May 18, 2016 at 03:37:29PM -0700, Richard Sharpe wrote:
>> >> Does winbindd have the ability to do the following:
>> >>
>> >> 1. Use rfc2307, but if you cannot find the uidNumber,gidNumber
>> >> attributes on the user account,
>> >> 2. Fall back to using autorid mappings?
>> >>
>> >> A quick looks at the code suggests that this is not possible, but I
>> >> might be wrong.
>> >>
>> >> However, I imagine that for many organizations, there are a few
>> >> accounts with rfc2307 attributes on them, but the majority do not use
>> >> UNIX and thus do not need a UID or GID etc.
>> >
>> > No, I don't know a way right now to do that. It is a very worthwhile
>> > goal to get at of course. However, it's not entirely trivial -- what
>> > happens for example if an account that did not have unix attributes
>> > get some? It might have been mapped before with autorid, files might
>> > have been assigned to that autorid uid. Without the autorid fallback,
>> > this can't really happen so far. With the fallback, we need to at
>> > least decide what to do or not to do in that case.
>>
>> Yes, Steve and I discussed exactly that.
>>
>> Such a user is screwed until things are fixed up, which is not pleasant :-(
> I'd like to know what software they use right now to merge information
> about the user entries? None of existing LDAP-based NSS modules support
> it.
I believe that they have some home-grown scripts although they also
use NetApp filers ...
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
More information about the samba-technical
mailing list