summaryrefslogtreecommitdiff
path: root/docs/README.ldap
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-04-28 10:20:55 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-04-28 10:20:55 +0000
commit49530d0db5a509951c66b73aaf2aa101caf6117b (patch)
treed5994c69acc6e3d4210d237f10bd3628bf3888fd /docs/README.ldap
parent4121d1611da65e13e0285a8714f21d6d6be2d4d7 (diff)
downloadsamba-49530d0db5a509951c66b73aaf2aa101caf6117b.tar.gz
samba-49530d0db5a509951c66b73aaf2aa101caf6117b.tar.bz2
samba-49530d0db5a509951c66b73aaf2aa101caf6117b.zip
A new pdb_ldap!
This patch removes 'non unix account range' (same as idra's change in HEAD), and uses the winbind uid range instead. More importanly, this patch changes the LDAP schema to use 'ntSid' instead of 'rid' as the primary attribute. This makes it in common with the group mapping code, and should allow it to be used closely with a future idmap_ldap. Existing installations can use the existing functionality by using the ldapsam_compat backend, and users who compile with --with-ldapsam will get this by default. More importantly, this patch adds a 'sambaDomain' object to our schema - which contains 2 'next rid' attributes, the domain name and the domain sid. Yes, there are *2* next rid attributes. The problem is that we don't 'own' the entire RID space - we can only allocate RIDs that could be 'algorithmic' RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be mapped by IDMAP, not the algorithm. Andrew Bartlett (This used to be commit 3e07406ade81e136f67439d4f8fd7fe1dbb6db14)
Diffstat (limited to 'docs/README.ldap')
0 files changed, 0 insertions, 0 deletions