[Samba] Moving to AD for idmap backend

Rowland Penny rpenny at samba.org
Mon Nov 28 18:29:59 UTC 2022

On 28/11/2022 17:28, Vaughan, Robert J via samba wrote:
> Hello Samba listers
> We're looking at moving to idmap backend AD for our Samba domain member servers
> One concern I had is our corporation assigns uid for users in one corp sub-domain (A.X.com) interspersed with users from our other corp sub-domain (B.X.com) so that the range must be overlapping
> Some testing by a colleague shows Samba notes the overlap in the log but seems to work fine
> Can someone say if this should be fine, allowing that corp makes sure the uid are all unique in AD?

Are you going to be using more of the rfc2307 attributes than 
'uidNumber' and 'gidNumber' ?

If not, then I suggest you totally ignore them, use one of the domains 
as your main domain and add a trust for the other, then use either the 
'autorid' or 'rid' idmap backend.


More information about the samba mailing list