[Samba] Getting UID and GID via LDAP/LDB query on a non-rfc2307 domain...

Rowland Penny rpenny at samba.org
Tue Jan 6 19:18:11 UTC 2026


On Tue, 6 Jan 2026 19:12:15 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Mandi! Rowland Penny via samba
>   In chel di` si favelave...
> 
> > Can you please explain just what you require.
> 
> Suppose I need to build a pure-LDAP script to query some aspect of
> user data.
> 
> If I use rfc2307 and I need UID/GID, I can simply query it (uidNumber
> and gidNumber).
> 
> If I use RID, I've some operational field to query UID/GID? Or I need
> in script to extract SID, strip last part (RID), extract 'domain base
> id' from samba conf, use standard formula to compute UID (and similar
> way, GID)?
> 
> 
> I hope I was clear now. Thanks.
> 

Yes, what you are asking is now clear, but using LDAP isn't going to
work, there isn't anything to search for, not if you discount the
object's SID.

The Unix UID or GID does not exist in AD if you do not use rfc2307
attributes.

The 'rid' idmap backend calculates the UID or GID from the object's RID
and the low range set in the smb.conf file using this calculation:

ID = RID + LOW_RANGE_ID

So if the RID is 513 and the low range is set to 10000, it becomes this:

10513 = 513 + 10000

So if you require the RID, you can get it back by reversing the
calculation:

RID = ID - LOW_RANGE_ID

Not sure how far this gets you, the RID is meaningless to Unix, which
is why Samba maps them to UID & GID numbers.

Rowland
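
Added example, not part of the original message or of Samba's code: a Python sketch of the script-side calculation discussed above, decoding a binary objectSid as LDAP returns it and applying ID = RID + LOW_RANGE_ID. The function names, the sample SID and the 10000-999999 range are constructed for illustration; the check against the domain SID and the upper end of the range assumes the script only maps objects of the domain the smb.conf range is configured for.

```python
import struct

def parse_binary_sid(raw: bytes) -> str:
    """Decode a binary objectSid value into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def rid_to_id(rid: int, low: int, high: int) -> int:
    """ID = RID + LOW_RANGE_ID, rejected if it leaves the configured range."""
    unix_id = rid + low
    if unix_id > high:
        raise ValueError("RID %d maps outside range %d-%d" % (rid, low, high))
    return unix_id

def id_to_rid(unix_id: int, low: int, high: int) -> int:
    """RID = ID - LOW_RANGE_ID, the reverse calculation."""
    if not low <= unix_id <= high:
        raise ValueError("ID %d is not inside range %d-%d" % (unix_id, low, high))
    return unix_id - low

def sid_to_unix_id(raw: bytes, domain_sid: str, low: int, high: int) -> int:
    """Map an objectSid to a UID/GID, but only for SIDs of the given domain."""
    sid = parse_binary_sid(raw)
    prefix, _, rid = sid.rpartition("-")
    if prefix != domain_sid:
        # e.g. BUILTIN (S-1-5-32-...) or another domain: this range does not apply
        raise ValueError("%s does not belong to domain %s" % (sid, domain_sid))
    return rid_to_id(int(rid), low, high)

# Constructed sample values (not taken from any real domain).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
              + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 513))
LOW, HIGH = 10000, 999999   # assumed range; use the values from your smb.conf

if __name__ == "__main__":
    print(parse_binary_sid(SAMPLE_SID))
    print(sid_to_unix_id(SAMPLE_SID, DOMAIN_SID, LOW, HIGH))
```

The result is only as good as the range values fed in, so read them from the same smb.conf the domain member uses rather than hard-coding them.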



