[Samba] SaMBa 4.16.4 adds users to ACLs as groups

Ralph Boehme slow at samba.org
Tue Jun 13 09:53:06 UTC 2023

On 6/13/23 11:26, Rowland Penny via samba wrote:
> Hang on, I have just had another thought (yes, I know, dangerous)
>  From my understanding, a Samba AD DC uses idmap.ldb because it allows 
> groups to be set as 'ID_TYPE_BOTH'.
> Now that it is known that AD groups on a Unix domain member can do the 
> same without 'idmap.ldb', is there any other reason to stick with 
> idmap.ldb on a Samba AD DC ?

afaict there's no technical reason anymore, this (afair) just comes from 
times when winbindd wasn't required on AD DC and thus it had to 
implement it's own mapping.


Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba
SAMBA+ Samba packages                   https://samba.plus/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20230613/504096f2/OpenPGP_signature.sig>

More information about the samba mailing list