[Samba] uidNumber. ( Was: What is --rfc2307-from-nss ??)

Rowland Penny rowlandpenny at googlemail.com
Tue Dec 2 12:47:50 MST 2014

On 02/12/14 19:24, Greg Zartman wrote:
> On Tue, Dec 2, 2014 at 11:15 AM, Rowland Penny 
> <rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>> wrote:
>     Doh, I missed that, well spotted Steve.
>     Do not alter idmap.ldb, leave it alone, use RFC2307 attributes
>     where possible and join my campaign to get winbindd to pull all
>     the attributes :-D
> So, the xidNumber isn't needed?  I'm going to be use SSSD for local 
> auth, which pulls uidNumber from the AD, but didn't know if something 
> else uses xidNumber
> Greg

If you examine idmap.ldb with ldbedit, you will see it contains records 
for builtin users/groups AND domain users/groups. On the samba 4 AD DC, 
if you do not use RFC2307 attributes, the domain users/groups 
xidNumber's are used via winbind, but if you do use the RFC2307 
attributes for domain users/groups, then the xidNumbers are ignored. The 
builtin users/groups always use the xidNumbers, you do not need to 
concern yourself these.


More information about the samba mailing list