[Samba] Description of LDAP-attribute sambaSIDList
tonye at billy.demon.nl
Fri Apr 22 13:54:19 GMT 2005
Matthias Eichler wrote:
>>We all can read. But sometimes we need others to help us to comprehend what
>>it is that we are looking at. Have you considered that the OP is asking you
>>for help to understand what it is he is looking at???? Not how to look at
>>Regards Geoff Scott
> Ok, maybe I am just not really pointing at my problem:
> The post said
> Description: Security ID List
> Usage: User applications
> and that it may be used in sambaGroupMapping-objects.
> Well, ok, I can list SIDs with this attribute in a Groupmapping,
> but what for?!? The group-object itself has a gidnumber for the
> unix side and a sid to map this for windows.
> For what do I need the sambaSIDList-attribute then?!? I really
> cant figure out what meaning "User applications" should have here
> for me.
Well, in a Norwegian language Samba-LDAP howto by Hallvor Engen
"All Unix groups in LDAP can become Unix groups and vice versa. The most
important point to recognize is that certain accounts (Domain Admins,
Domain Users and Domain Guests) must /always/ exist, that one uses the
attribute sambaSidList instead of the memberUid entries in order to list
the members, and that both groups and users may be present in such a list."
Using a GUI tool such as GQ helps both to visualize this and to see what
objectClasses contain what attributes (and the other way around).
mail: tonye at billy.demon.nl
They love us, don't they, They feed us, won't they ...
More information about the samba