> If you have hundreds or thousands of users and hundreds of groups, > well good luck. It is extremely hard to automate assigning these uids/ > gids and making sure they don't collide with each other or other unix > systems and doing it by hand is a torture reserved for the ninth > circle of hell. > > If only nss_ldap had a SID->UID/GID mapping like samba has. > How about winbind with a ldap backend? winbind creates the uids/gids and the rest just run nss_ldap? I currently use an ldap directory to store the rids but I don't remember if they have been translated to uids/gids or whether the winbind modules do that...