On Feb 10, 2010, at 8:11 AM, Chan Chung Hang Christopher <christopher.chan at bradbury.edu.hk > wrote: > >> If you have hundreds or thousands of users and hundreds of groups, >> well good luck. It is extremely hard to automate assigning these >> uids/ >> gids and making sure they don't collide with each other or other unix >> systems and doing it by hand is a torture reserved for the ninth >> circle of hell. >> >> If only nss_ldap had a SID->UID/GID mapping like samba has. >> > > How about winbind with a ldap backend? winbind creates the uids/gids > and > the rest just run nss_ldap? > > I currently use an ldap directory to store the rids but I don't > remember > if they have been translated to uids/gids or whether the winbind > modules > do that... I don't know either, but if they do, that would work. Can samba update uid/gidNumbers of existing LDAP directory CNs? I still like the RID mapping, but if samba can write back uidNumbers based on RID map generated uids that would solve the problem. -Ross