[Samba] idmap_rid/idmap_hash collisions?

Robert LeBlanc robert at leblancnet.us
Wed Nov 11 09:05:19 MST 2009

On Wed, Nov 11, 2009 at 9:52 AM, Gerald Carter <jerry at plainjoe.org> wrote:

> Robert LeBlanc wrote:
>  > Does it suffer from the same collision problem as rid?
> idmap_rid doesn't have a collision problem that I'm aware of
> as long as you set it up properly.  Did I misunderstand something?
> > Our AD will have a couple of hundred thousand objects in
> > the not too near future.
> Depending on account turnover and number of trusted domains,
> I think you should be fine with idmap_hash.  But if you only
> have a single domain, then idmap_rid is equivalent I think.
I think I may have not woken up completely this morning. I thought the
original question was regarding idamp_rid and basically interger rollover.
After rereading the first post, it sounds like they want to use RID and Hash
at the same time. I don't know why one want to do that, but ok. I much
prefer hash because I don't have to specify a range and hope it is large
enough. I also don't have to worry about all my machines having the same
lower end starting number so that they are the same on all machines. We have
some trusts, but they are only intended to be temporay as we transitition to
a central AD.

So if I understand right, hash does not hash the SID, it does the same as
rid and takes the last section directly from the SID and uses that withou
modification (rid adds that number to the lower range number).


Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University

More information about the samba mailing list