Craig White wrote: > On Wed, 2010-02-10 at 09:50 -0500, Ross Walker wrote: >> On Feb 10, 2010, at 8:11 AM, Chan Chung Hang Christopher <christopher.chan at bradbury.edu.hk >> > wrote: >> >>>> If you have hundreds or thousands of users and hundreds of groups, >>>> well good luck. It is extremely hard to automate assigning these >>>> uids/ >>>> gids and making sure they don't collide with each other or other unix >>>> systems and doing it by hand is a torture reserved for the ninth >>>> circle of hell. >>>> >>>> If only nss_ldap had a SID->UID/GID mapping like samba has. >>>> >>> How about winbind with a ldap backend? winbind creates the uids/gids >>> and >>> the rest just run nss_ldap? >>> >>> I currently use an ldap directory to store the rids but I don't >>> remember >>> if they have been translated to uids/gids or whether the winbind >>> modules >>> do that... >> I don't know either, but if they do, that would work. >> >> Can samba update uid/gidNumbers of existing LDAP directory CNs? >> >> I still like the RID mapping, but if samba can write back uidNumbers >> based on RID map generated uids that would solve the problem. > ---- > In essence, samba knows nothing about writing anything to LDAP but > normally people would install smbldap-tools (not part of samba) to > provide a toolset to write to LDAP. Impossible. winbind certainly knows all about writing to LDAP otherwise it won't be a backend database for rid maps and especially for maintaining the same rids across boxes (okay, this got solved at a higher level and thus an ldap backend is not needed for maintaining identical rids across boxes) and I cannot imagine how that would be accomplished without knowing anything about writing to ldap. > > If smbldap-tools doesn't do what you want, modify it. > ??? What's that? ???