[Samba] [PATCH] allow to create Unix-UID/SID mapping in samba-tool user create

Gémes Géza geza at kzsdabas.hu
Tue Sep 25 08:56:12 MDT 2012

2012-09-25 11:58 keltezéssel, Alexander Wuerstlein írta:
> On Tue, 25 Sep 2012 15:49:11 +1000
> Andrew Bartlett <abartlet at samba.org> wrote:
>> On Tue, 2012-09-25 at 00:19 +0200, Alexander Wuerstlein wrote:
>>> From: Alexander Wuerstlein <arw at arw.name>
>>> Reads Unix UID from NSS or commandline and creates a
>>> UID/SID mapping when creating a new user.
>> As Gémes Géza mentions this really needs to honour idmap_ldb:use
>> rfc2307 = yes and set it in the sam.ldb if that is set, and while
>> useful in the general case, for the case you are targeting, the
>> classicupgrade will work better.
> Classicupgrade would only handle the initial import, not later addition
> of users which is the more frequent case here. But idmap_ldb:use
> rfc2307 = yes seems to work fine, and it seems to be a lot less ugly
> than fiddling with idmap.ldb.
> I'll try to get samba-tool to create the RFC2307 attributes and send a
> patch if its not too ugly.
> Ciao,
> Alexander Wuerstlein.

Just a suggestion:

In my homemade (I hadn't time to develop a proper patch with tests) bash 
scripts I look for the RID part of the newly created users SID and 
search for the uidNumber and gidNumber attributes with that value. If 
none found assign it as uidNumber or gidNumber dependending on if a user 
or group is going to be created. If the given RID has been assigned as 
an uidNumber or gidNumber increment it and then try again, until it 
isn't in use.


Geza Gemes

More information about the samba mailing list