[Samba] winbind idmap customization

Gerald (Jerry) Carter jerry at samba.org
Fri Jul 6 20:50:01 GMT 2007

Gerald (Jerry) Carter wrote:

> Nope.  You haven't looked at how much trouble this would
> be in the code.  For example, Lookupsid() *always* returns
> the sAMAccountName but LookupName() will resolve a UPN to
> the same SID.
> So the conversion is asymmetric.  UPN->SID->sAMAccountName.
> But canonicalizing on the sAMAccountName does give you a
> symmetric mapping.
> Secondly, your 'unix' variant would break with trusted domains.
> So yes, it is a bad idea for very real technical reasons.

I should clarify that you can easily convert from UPN
to sAMAccountName and vice versa using the DsCrackNames
calls but this requires a lot of plumbing we don't
have currently and would be a fundamental change in
design which would require a lot of code restabilization.

Or of course you can use LDAP queries but remember that
machines do not have UPNs by default.  So what do you
use then....?

cheers, jerry
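
An added example, not part of the original post and not Samba code: a small Python model of the name/SID lookups discussed above, showing that a UPN does not survive the round trip while the sAMAccountName form does, and that a machine account has no UPN to map back to. The function names, the domain, the accounts and the SIDs are all constructed for illustration.

```python
# Constructed directory: domain, account names and SIDs are made-up sample values.
DOMAIN = "EXAMPLE"
ACCOUNTS = [
    {"sid": "S-1-5-21-1-2-3-1104", "sam": "jdoe", "upn": "john.doe@example.test"},
    # Machine accounts do not have a UPN by default.
    {"sid": "S-1-5-21-1-2-3-1105", "sam": "WKS01$", "upn": None},
]

def lookup_name(name):
    """Stand-in for LookupName(): accepts DOMAIN\\sAMAccountName or a UPN, returns the SID."""
    wanted = name.lower()
    for acct in ACCOUNTS:
        if acct["upn"] and wanted == acct["upn"].lower():
            return acct["sid"]
        if wanted == f"{DOMAIN}\\{acct['sam']}".lower():
            return acct["sid"]
    return None

def lookup_sid(sid):
    """Stand-in for LookupSid(): always answers in the sAMAccountName form."""
    for acct in ACCOUNTS:
        if acct["sid"] == sid:
            return f"{DOMAIN}\\{acct['sam']}"
    return None

def canonicalize(name):
    """name -> SID -> name, i.e. canonicalizing on the sAMAccountName."""
    sid = lookup_name(name)
    return lookup_sid(sid) if sid else None

def round_trips(name):
    """True when name -> SID -> name gives back the same name (symmetric mapping)."""
    canon = canonicalize(name)
    return canon is not None and canon.lower() == name.lower()

def upn_for(name):
    """Reverse direction a UPN-canonical scheme would need; None if the account has no UPN."""
    sid = lookup_name(name)
    for acct in ACCOUNTS:
        if acct["sid"] == sid:
            return acct["upn"]
    return None

if __name__ == "__main__":
    for n in ("john.doe@example.test", "EXAMPLE\\jdoe", "EXAMPLE\\WKS01$"):
        print(f"{n!r}: canonical={canonicalize(n)!r} symmetric={round_trips(n)} upn={upn_for(n)!r}")
```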
