[Samba] Does anybody use idmap_adex?

Gerald Carter jerry at plainjoe.org
Mon Jun 28 09:37:28 MDT 2010


(sorry...I keep sending from my work address which is not
subscribed to the lists)

Hey Simo,

On 06/28/2010 10:29 AM, simo wrote:

> Ok, for some reason I thought information was maintained
> on your side of the trust using the cells.

Sort of correct.  But these are specific OU cells and not
a forest wide cell.  At the risk of digressing into a Likewise
specific thing, an OU cell stores the meta data for objects
in a container inside the OU.  So you can add a user or group
across a one-way trust to an OU cell and the UNIX attribute
information is stored inside the OU in *your* domain.
So in this case, you don't send LDAP queries across a one-way
trust.  In the RFC2307 forest cell case, the UNIX attribute
information is stored *on* the actual user and group object.

Idmap_adex only supported the RFC2307 forest "cell" since this
was easy to do using the MS "Identity Services for Unix" management
tools.

Make sense?



cheers, jerry
-- 
Director of Engineering                      http://www.likewise.com/


More information about the samba mailing list