[CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

Wed Feb 10 14:50:25 UTC 2010
Ross Walker <rswwalker at gmail.com>

On Feb 10, 2010, at 8:11 AM, Chan Chung Hang Christopher <christopher.chan at bradbury.edu.hk 
 > wrote:

>
>> If you have hundreds or thousands of users and hundreds of groups,
>> well good luck. It is extremely hard to automate assigning these  
>> uids/
>> gids and making sure they don't collide with each other or other unix
>> systems and doing it by hand is a torture reserved for the ninth
>> circle of hell.
>>
>> If only nss_ldap had a SID->UID/GID mapping like samba has.
>>
>
> How about winbind with a ldap backend? winbind creates the uids/gids  
> and
>  the rest just run nss_ldap?
>
> I currently use an ldap directory to store the rids but I don't  
> remember
> if they have been translated to uids/gids or whether the winbind  
> modules
> do that...

I don't know either, but if they do, that would work.

Can samba update uid/gidNumbers of existing LDAP directory CNs?

I still like the RID mapping, but if samba can write back uidNumbers  
based on RID map generated uids that  would solve the problem.

-Ross