[Samba] idmap_ad alloc to store uid/gid attributes in AD - Samba

This is a discussion on [Samba] idmap_ad alloc to store uid/gid attributes in AD - Samba ; It would be a handy feature to have idmap_ad implement an alloc routine to write back the uid and gid mappings to AD either as SFU attributes or RFC 2307 attributes. I figure this could allow dynamic uid and gid ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: [Samba] idmap_ad alloc to store uid/gid attributes in AD

  1. [Samba] idmap_ad alloc to store uid/gid attributes in AD


    It would be a handy feature to have idmap_ad implement an alloc routine to write back the uid and gid mappings to AD either as SFU attributes or RFC 2307 attributes.

    I figure this could allow dynamic uid and gid allocation that can be easily preserved across multiple domains in a Windows environment.

    Has there been any attempt to provide this feature?

    Ross S. W. Walker
    Information Systems Manager
    Medallion Financial, Corp.
    437 Madison Avenue
    38th Floor
    New York, NY 10022
    Tel: (212) 328-2165
    Fax: (212) 328-2125
    WWW: http://www.medallion.com



    __________________________________________________ ____________________
    This e-mail, and any attachments thereto, is intended only for use by
    the addressee(s) named herein and may contain legally privileged
    and/or confidential information. If you are not the intended recipient
    of this e-mail, you are hereby notified that any dissemination,
    distribution or copying of this e-mail, and any attachments thereto,
    is strictly prohibited. If you have received this e-mail in error,
    please immediately notify the sender and permanently delete the
    original and any copy or printout thereof.

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] idmap_ad alloc to store uid/gid attributes in AD


    On Fri, 2008-02-15 at 16:12 -0500, Ross S. W. Walker wrote:
    > It would be a handy feature to have idmap_ad implement an alloc routine to write back the uid and gid mappings to AD either as SFU attributes or RFC 2307 attributes.
    >
    > I figure this could allow dynamic uid and gid allocation that can be easily preserved across multiple domains in a Windows environment.
    >
    > Has there been any attempt to provide this feature?


    No, this would require allowing any samba server write access to any
    user in AD for, at least, the posix attributes.
    Something, I am sure, most people wouldn't want to allow.

    I am open to patches in this regard but *only* if they come with very
    clear instructions on how to limit write access to the needed attributes
    and possible only to a specific identity the samba server can use.

    Of course both read-only and read-write mode of operation must work,
    with read-only being the default.

    Simo.

    --
    Simo Sorce
    Samba Team GPL Compliance Officer
    Senior Software Engineer at Red Hat Inc.

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread