[Samba] Second thought about removing use-rfc2307
Francesco Malvezzi
francesco.malvezzi at unimore.it
Wed Feb 19 09:45:39 UTC 2025
Hi everybody,

in order to have file ownership right on the group policy dir, a few
weeks ago I removed the:

    idmap_ldb:use rfc2307 = yes

from the AD DCs.

The users are defined in an OpenLDAP directory (complete with uidNumber
and gidNumber) and propagated to the domain thanks to lsc-project.org tools.

Unfortunately now, when I delete a user from OpenLDAP and add her again,
she loses access to her laptop's profile.
This is because the AD allocates a new SID in the 3000000+ range. On the
other hand, before, the AD picked a SID derived from the uidNumber from
the OpenLDAP directory that didn't change.
I was checking this instruction page:
http://samba.bigbird.es/doku.php?id=samba:no-need-for-use-rfc2307
(maybe I should have chosen the 'Unix Admins' workaround, keeping the
use-rfc2307)
Is it possible to re-introduce the idmap_ldb:use rfc2307 = yes after
having removed it?
Do you have any advice for me? Also not strictly related to Samba, but
for example about smarter user provisioning?

Thank you,
Francesco