[Samba] One User, One Ldap, Multiple Domains

Andrew Bartlett abartlet at samba.org
Sat May 28 22:33:31 GMT 2005

On Mon, 2005-05-23 at 16:23 +0100, David Barker wrote:
> Looking through the ldapsam stuff, it looks like in samba 3 a user can 
> only be a member of one domain at a time in an ldap tree.
> attributetype ( NAME 'sambaSID'
>         DESC 'Security ID'
>         EQUALITY caseIgnoreIA5Match
>         SYNTAX{64} SINGLE-VALUE )
> Does anyone know if it's safe to drop SINGLE-VALUE from sambaSid, to 
> allow one user to be in two domains at once?

The idea was (it didn't really work out as well as I would have liked)
to have sambaSID be the unique identifier for objects in the ldap tree
(for finding them when clients ask 'what is this sid' questions).  

Why do you think you need multiple domains on one LDAP tree?

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050529/f220ae39/attachment.bin

More information about the samba mailing list