CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
On Wed, 2010-02-10 at 09:50 -0500, Ross Walker wrote:
> On Feb 10, 2010, at 8:11 AM, Chan Chung Hang Christopher <christopher.chan@bradbury.edu.hk
> > wrote:
>
> >
> >> If you have hundreds or thousands of users and hundreds of groups,
> >> well good luck. It is extremely hard to automate assigning these
> >> uids/
> >> gids and making sure they don't collide with each other or other unix
> >> systems and doing it by hand is a torture reserved for the ninth
> >> circle of hell.
> >>
> >> If only nss_ldap had a SID->UID/GID mapping like samba has.
> >>
> >
> > How about winbind with a ldap backend? winbind creates the uids/gids
> > and
> > the rest just run nss_ldap?
> >
> > I currently use an ldap directory to store the rids but I don't
> > remember
> > if they have been translated to uids/gids or whether the winbind
> > modules
> > do that...
>
> I don't know either, but if they do, that would work.
>
> Can samba update uid/gidNumbers of existing LDAP directory CNs?
>
> I still like the RID mapping, but if samba can write back uidNumbers
> based on RID map generated uids that would solve the problem.
----
In essence, samba knows nothing about writing anything to LDAP but
normally people would install smbldap-tools (not part of samba) to
provide a toolset to write to LDAP.
If smbldap-tools doesn't do what you want, modify it.
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
02-11-2010, 11:43 AM
Chan Chung Hang Christopher
CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
Craig White wrote:
> On Wed, 2010-02-10 at 09:50 -0500, Ross Walker wrote:
>> On Feb 10, 2010, at 8:11 AM, Chan Chung Hang Christopher <christopher.chan@bradbury.edu.hk
>> > wrote:
>>
>>>> If you have hundreds or thousands of users and hundreds of groups,
>>>> well good luck. It is extremely hard to automate assigning these
>>>> uids/
>>>> gids and making sure they don't collide with each other or other unix
>>>> systems and doing it by hand is a torture reserved for the ninth
>>>> circle of hell.
>>>>
>>>> If only nss_ldap had a SID->UID/GID mapping like samba has.
>>>>
>>> How about winbind with a ldap backend? winbind creates the uids/gids
>>> and
>>> the rest just run nss_ldap?
>>>
>>> I currently use an ldap directory to store the rids but I don't
>>> remember
>>> if they have been translated to uids/gids or whether the winbind
>>> modules
>>> do that...
>> I don't know either, but if they do, that would work.
>>
>> Can samba update uid/gidNumbers of existing LDAP directory CNs?
>>
>> I still like the RID mapping, but if samba can write back uidNumbers
>> based on RID map generated uids that would solve the problem.
> ----
> In essence, samba knows nothing about writing anything to LDAP but
> normally people would install smbldap-tools (not part of samba) to
> provide a toolset to write to LDAP.
Impossible. winbind certainly knows all about writing to LDAP otherwise
it won't be a backend database for rid maps and especially for
maintaining the same rids across boxes (okay, this got solved at a
higher level and thus an ldap backend is not needed for maintaining
identical rids across boxes) and I cannot imagine how that would be
accomplished without knowing anything about writing to ldap.
>
> If smbldap-tools doesn't do what you want, modify it.
>
??? What's that? ???
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
