[Samba] idmap_ad alloc to store uid/gid attributes in AD

simo idra at samba.org
Fri Feb 15 22:18:23 GMT 2008


On Fri, 2008-02-15 at 16:12 -0500, Ross S. W. Walker wrote:
> It would be a handy feature to have idmap_ad implement an alloc routine to write back the uid and gid mappings to AD either as SFU attributes or RFC 2307 attributes.
>  
> I figure this could allow dynamic uid and gid allocation that can be easily preserved across multiple domains in a Windows environment.
>  
> Has there been any attempt to provide this feature?

No, this would require allowing any samba server write access to any
user in AD for, at least, the posix attributes.
Something, I am sure, most people wouldn't want to allow.

I am open to patches in this regard but *only* if they come with very
clear instructions on how to limit write access to the needed attributes
and possibly only to a specific identity the samba server can use.

Of course both read-only and read-write modes of operation must work,
with read-only being the default.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>


