New approach for winbind to match Windows to UNIX users and back

Michael Fair michael at daclubhouse.net
Thu Mar 13 23:32:48 GMT 2003


"Andrew Bartlett" <abartlet at samba.org> wrote in message
news:1047549708.10385.153.camel at piglett...

> I sit in two camps on this one - for local UIDs/GIDs, I actually like
> the 'algorithmic', but it's confined to a single uid/gid space.
>
> For winbindd, I'm convinced that the tdb mapping is the best way
> forward, but that some extensions to cope with all SIDs as GIDs.


The irony is that this is actually proving my original proposal
to use solely GIDs ineffective since it seems that ultimately
we'll need entries in both the UID space and the GID space to
get the behavior we need.

Indeed it seems that what's actually required is a UID and a
GID per SID (I forgot about "Group Owners" of normal files,
and looking up permissions in a normal POSIX fashion uses
the UID to access a list of GIDs (including the default GID)).


So it seems like the solution to define two identically sized
ranges from the local UID and GID space and to have winbind just
burn through them incrementally while maintaining a mapping table
really ends up being the best approach.

I hadn't realized that an SID is actually 256 bits and we at
best only have 32 bits to work with (I was only thinking
about the RIDs).


-- Michael --
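
The allocation scheme described in the message above, as an added sketch that is not part of the original post and not Samba's code: each SID takes the next free offset, which yields one UID and one GID from two equally sized ranges. The class and method names, range bases and SIDs are constructed for the illustration, and an in-memory dict stands in for the tdb mapping table.

```python
class IdMapExhausted(Exception):
    """Raised when both ranges are used up; no ID is ever recycled."""


class SidIdMap:
    """Hypothetical allocator: one offset per SID, applied to a UID and a GID range."""

    def __init__(self, uid_base, gid_base, size):
        if size <= 0:
            raise ValueError("range size must be positive")
        self.uid_base, self.gid_base, self.size = uid_base, gid_base, size
        self.next_offset = 0   # high-water mark; only ever moves forward
        self.by_sid = {}       # SID string -> offset (stand-in for the tdb)
        self.by_offset = {}    # offset -> SID string (reverse lookups)

    def sid_to_ids(self, sid):
        """Return (uid, gid) for sid, allocating the next slot on first sight."""
        offset = self.by_sid.get(sid)
        if offset is None:
            if self.next_offset >= self.size:
                # Fail closed: reusing a slot would hand an old owner's
                # files to whichever SID received the recycled ID.
                raise IdMapExhausted("no free slot for " + sid)
            offset = self.next_offset
            self.next_offset += 1
            self.by_sid[sid] = offset
            self.by_offset[offset] = sid
        return self.uid_base + offset, self.gid_base + offset

    def uid_to_sid(self, uid):
        """Reverse lookup; None for IDs outside the range or never allocated."""
        return self.by_offset.get(uid - self.uid_base)

    def gid_to_sid(self, gid):
        return self.by_offset.get(gid - self.gid_base)


if __name__ == "__main__":
    # Constructed sample SIDs: a user and a group in a made-up domain.
    idmap = SidIdMap(uid_base=10000, gid_base=20000, size=50000)
    for sid in ("S-1-5-21-1111111111-2222222222-3333333333-1001",
                "S-1-5-21-1111111111-2222222222-3333333333-513"):
        print(sid, "->", idmap.sid_to_ids(sid))
    print("uid 10001 ->", idmap.uid_to_sid(10001))
    print("uid 500   ->", idmap.uid_to_sid(500))  # local account, not mapped
```

Because a user SID and a group SID each receive both IDs, a SID can appear as a file's group owner and a group SID can own a file, which is the case the message raises.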




