On Wed, 2010-02-10 at 09:50 -0500, Ross Walker wrote: > On Feb 10, 2010, at 8:11 AM, Chan Chung Hang Christopher <christopher.chan at bradbury.edu.hk > > wrote: > > > > >> If you have hundreds or thousands of users and hundreds of groups, > >> well good luck. It is extremely hard to automate assigning these > >> uids/ > >> gids and making sure they don't collide with each other or other unix > >> systems and doing it by hand is a torture reserved for the ninth > >> circle of hell. > >> > >> If only nss_ldap had a SID->UID/GID mapping like samba has. > >> > > > > How about winbind with a ldap backend? winbind creates the uids/gids > > and > > the rest just run nss_ldap? > > > > I currently use an ldap directory to store the rids but I don't > > remember > > if they have been translated to uids/gids or whether the winbind > > modules > > do that... > > I don't know either, but if they do, that would work. > > Can samba update uid/gidNumbers of existing LDAP directory CNs? > > I still like the RID mapping, but if samba can write back uidNumbers > based on RID map generated uids that would solve the problem. ---- In essence, samba knows nothing about writing anything to LDAP but normally people would install smbldap-tools (not part of samba) to provide a toolset to write to LDAP. If smbldap-tools doesn't do what you want, modify it. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.