[Samba] Description of LDAP-attribute sambaSIDList

Tony Earnshaw tonye at billy.demon.nl
Fri Apr 22 13:54:19 GMT 2005

Matthias Eichler wrote:


>>We all can read.  But sometimes we need others to help us to comprehend what
>>it is that we are looking at.  Have you considered that the OP is asking you
>>for help to understand what it is he is looking at????  Not how to look at
>>Regards Geoff Scott
> Ok, maybe I am just not really pointing at my problem:
> The post said
> ---cut---
> sambaSIDList
> Description:    Security ID List
> Usage:  User applications
> ---cut---
> and that it may be used in sambaGroupMapping-objects.
> Well, ok, I can list SIDs with this attribute in a Groupmapping,
> but what for?!? The group-object itself has a gidnumber for the
> unix side and a sid to map this for windows.
> For what do I need the sambaSIDList-attribute then?!? I really
> cant figure out what meaning "User applications" should have here
> for me.

Well, in a Norwegian language Samba-LDAP howto by Hallvor Engen 
it says:

"All Unix groups in LDAP can become Unix groups and vice versa. The most 
important point to recognize is that certain accounts (Domain Admins, 
Domain Users and Domain Guests) must /always/ exist, that one uses the 
attribute sambaSidList instead of the memberUid entries in order to list 
the members, and that both groups and users may be present in such a list."

Using a GUI tool such as GQ helps both to visualize this and to see what 
objectClasses contain what attributes (and the other way around).




mail: tonye at billy.demon.nl

They love us, don't they, They feed us, won't they ...

More information about the samba mailing list