Craig White wrote:
On Wed, 2010-02-10 at 09:50 -0500, Ross Walker wrote:
On Feb 10, 2010, at 8:11 AM, Chan Chung Hang Christopher <christopher.chan@bradbury.edu.hk> wrote:
If you have hundreds or thousands of users and hundreds of groups, well, good luck. It is extremely hard to automate assigning these uids/gids and making sure they don't collide with each other or other unix systems, and doing it by hand is a torture reserved for the ninth circle of hell.
If only nss_ldap had a SID->UID/GID mapping like samba has.
How about winbind with a ldap backend? winbind creates the uids/gids and the rest just run nss_ldap?
I currently use an ldap directory to store the rids but I don't remember if they have been translated to uids/gids or whether the winbind modules do that...
I don't know either, but if they do, that would work.
Can samba update uid/gidNumbers of existing LDAP directory CNs?
I still like the RID mapping, but if samba can write back uidNumbers based on RID map generated uids that would solve the problem.
In essence, samba knows nothing about writing anything to LDAP but normally people would install smbldap-tools (not part of samba) to provide a toolset to write to LDAP.
Impossible. winbind certainly knows all about writing to LDAP, otherwise it won't be a backend database for rid maps and especially for maintaining the same rids across boxes (okay, this got solved at a higher level and thus an ldap backend is not needed for maintaining identical rids across boxes), and I cannot imagine how that would be accomplished without knowing anything about writing to ldap.
If smbldap-tools doesn't do what you want, modify it.
??? What's that? ???