diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-04-28 10:20:55 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-04-28 10:20:55 +0000 |
commit | 49530d0db5a509951c66b73aaf2aa101caf6117b (patch) | |
tree | d5994c69acc6e3d4210d237f10bd3628bf3888fd /examples/ntlogon | |
parent | 4121d1611da65e13e0285a8714f21d6d6be2d4d7 (diff) | |
download | samba-49530d0db5a509951c66b73aaf2aa101caf6117b.tar.gz samba-49530d0db5a509951c66b73aaf2aa101caf6117b.tar.bz2 samba-49530d0db5a509951c66b73aaf2aa101caf6117b.zip |
A new pdb_ldap!
This patch removes 'non unix account range' (same as idra's change in HEAD),
and uses the winbind uid range instead.
More importanly, this patch changes the LDAP schema to use 'ntSid' instead
of 'rid' as the primary attribute. This makes it in common with the group
mapping code, and should allow it to be used closely with a future idmap_ldap.
Existing installations can use the existing functionality by using the
ldapsam_compat backend, and users who compile with --with-ldapsam will get
this by default.
More importantly, this patch adds a 'sambaDomain' object to our schema -
which contains 2 'next rid' attributes, the domain name and the domain sid.
Yes, there are *2* next rid attributes. The problem is that we don't 'own'
the entire RID space - we can only allocate RIDs that could be 'algorithmic'
RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be
mapped by IDMAP, not the algorithm.
Andrew Bartlett
(This used to be commit 3e07406ade81e136f67439d4f8fd7fe1dbb6db14)
Diffstat (limited to 'examples/ntlogon')
0 files changed, 0 insertions, 0 deletions