[Samba] idmap_rid/idmap_hash collisions?

Robert LeBlanc robert at leblancnet.us
Wed Nov 11 08:30:03 MST 2009

On Wed, Nov 11, 2009 at 7:52 AM, Gerald Carter <jerry at plainjoe.org> wrote:

> Hey Nick,
> Nick wrote:
> > Is it possible for the uid/gid numbers that are generated by the
> > idmap_rid and idmap_hash to collide if there are a large number of
> > users or groups?  I cannot seem to find any documentation on the
> > limitations of these plugins.  Before using I want to make absolutely
> > sure that there won't be any collisions.
> There is a small chance of collision based on the domain sid.
> In testing the mean average was about40 trusted domains but I've
> see it much lower on rare occasions.  Also, if the highest RID
> in your domain is > (as Volker points out) 2^19, the plugin will
> suffer from integer overflow.
> There's a slide or two outlining the algorithm in this slide deck
> from LInuxWorld SF '08
> <http://archives.likewiseopen.org/%7Egcarter/presentations/likewise_open_first_class_citizen_lwsf08.pdf>

How does this compare with idmap hash? I can't seem to find the doc that I
found sometime ago regarding it's details. My understanding is that it uses
31 bit uid/gid that is generated from a hash of the domain on certain bits
and a hash of the SID on certain bits. I don't recall how many bit were
allocated to each. Does it suffer from the same collision problem as rid?
Our AD will have a couple of hundred thousand objects in the not too near


Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University

More information about the samba mailing list