[Samba] Moving to AD for idmap backend
rpenny at samba.org
Mon Nov 28 18:29:59 UTC 2022
On 28/11/2022 17:28, Vaughan, Robert J via samba wrote:
> Hello Samba listers
> We're looking at moving to idmap backend AD for our Samba domain member servers
> One concern I had is our corporation assigns uid for users in one corp sub-domain (A.X.com) interspersed with users from our other corp sub-domain (B.X.com) so that the range must be overlapping
> Some testing by a colleague shows Samba notes the overlap in the log but seems to work fine
> Can someone say if this should be fine, allowing that corp makes sure the uid are all unique in AD?
Are you going to be using more of the rfc2307 attributes than
'uidNumber' and 'gidNumber' ?
If not, then I suggest you totally ignore them, use one of the domains
as your main domain and add a trust for the other, then use either the
'autorid' or 'rid' idmap backend.
More information about the samba