[CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
Craig White
craigwhite at azapple.com
Wed Feb 10 23:18:58 UTC 2010
On Wed, 2010-02-10 at 09:50 -0500, Ross Walker wrote:
> On Feb 10, 2010, at 8:11 AM, Chan Chung Hang Christopher <christopher.chan at bradbury.edu.hk
> > wrote:
>
> >
> >> If you have hundreds or thousands of users and hundreds of groups,
> >> well good luck. It is extremely hard to automate assigning these
> >> uids/
> >> gids and making sure they don't collide with each other or other unix
> >> systems and doing it by hand is a torture reserved for the ninth
> >> circle of hell.
> >>
> >> If only nss_ldap had a SID->UID/GID mapping like samba has.
> >>
> >
> > How about winbind with a ldap backend? winbind creates the uids/gids
> > and
> > the rest just run nss_ldap?
> >
> > I currently use an ldap directory to store the rids but I don't
> > remember
> > if they have been translated to uids/gids or whether the winbind
> > modules
> > do that...
>
> I don't know either, but if they do, that would work.
>
> Can samba update uid/gidNumbers of existing LDAP directory CNs?
>
> I still like the RID mapping, but if samba can write back uidNumbers
> based on RID map generated uids that would solve the problem.
----
In essence, samba knows nothing about writing anything to LDAP but
normally people would install smbldap-tools (not part of samba) to
provide a toolset to write to LDAP.
If smbldap-tools doesn't do what you want, modify it.
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the CentOS
mailing list