[Samba] help, we are running out of idmap uids

Gerald (Jerry) Carter jerry at samba.org
Tue Feb 21 15:27:43 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hans B. Randgaard wrote:

> Initially we set up winbind to the following:
>         idmap uid = 10000-20000
> thinking that 10000 uids were sufficient
> for the number of users we would get.
> 
> We also have defined our UNIX users
> from 20001 onwards.
> 
> However, now I can see that our latest
> windows(idmap uid) users has uid 19123
> and this troubles me.
> 
> Since I cannot just "extend" the range to
> be say 10000-30000 because of our UNIX
> UIDs, I would like to ask if it is possible to
> define 2 ranges like:
>      idmap uid = 10000-20000,30000-40000
> I noticed that winbind will not automatically
> remove UIDs not used. For instance when
> a windows user is deleted. Is there a way
> to do this manually ?
> 
> And will winbind then use the "unused" UIDs ?

Winbindd maintains a static mapping os DIS to Unix ids.
Since SIDs are never reused, neither are the Unix ids.
Ids are allocated in a monotonically increasing fashion
so you're only current choice is to expand or move
the idmap ranges.

This has come up a lot ni the past, but all the proposed
solutions were suboptimal IMO and therefore never integrated
into source tree.  I'm more than happy to try to find time
to review patches, but I've got several ongoing projects
right now and can't do this myself.

Mostly, it would involve fixing the idmap range parser.
Multiple ranges is not that hard to do I think.  You
deal with aa range in isolation until it has been exhausted
and then move on to the next.




cheers, jerry
=====================================================================
I live in a Reply-to-All world                -----------------------
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD+zFvIR7qMdg1EfYRAsOeAJ4hGxDodU2tgwpQfxoMekRlZq2mqACfQN5E
TyCbsVS1Wty65Cxd1TfGnz4=
=qaCP
-----END PGP SIGNATURE-----

More information about the samba mailing list