[Samba] Description of LDAP-attribute sambaSIDList
Tony Earnshaw
tonye at billy.demon.nl
Fri Apr 22 13:54:19 GMT 2005
Matthias Eichler wrote:
[...]
>>We all can read. But sometimes we need others to help us to comprehend what
>>it is that we are looking at. Have you considered that the OP is asking you
>>for help to understand what it is he is looking at???? Not how to look at
>>it.
>>
>>Regards Geoff Scott
>
>
> Ok, maybe I am just not really pointing at my problem:
> The post said
> ---cut---
> sambaSIDList
> Description: Security ID List
> Usage: User applications
> ---cut---
> and that it may be used in sambaGroupMapping-objects.
>
> Well, ok, I can list SIDs with this attribute in a Groupmapping,
> but what for?!? The group-object itself has a gidnumber for the
> unix side and a sid to map this for windows.
> For what do I need the sambaSIDList-attribute then?!? I really
> cant figure out what meaning "User applications" should have here
> for me.
Well, in a Norwegian language Samba-LDAP howto by Hallvor Engen
(http://www.kvarteret.no/etjenesten/e-dok/howtos/howtos/ldap-howto.html)
it says:
"All Unix groups in LDAP can become Unix groups and vice versa. The most
important point to recognize is that certain accounts (Domain Admins,
Domain Users and Domain Guests) must /always/ exist, that one uses the
attribute sambaSidList instead of the memberUid entries in order to list
the members, and that both groups and users may be present in such a list."
Using a GUI tool such as GQ helps both to visualize this and to see what
objectClasses contain what attributes (and the other way around).
[...]
--Tonni.
--
mail: tonye at billy.demon.nl
http://www.billy.demon.nl
They love us, don't they, They feed us, won't they ...
More information about the samba
mailing list