Correct, and I have done so and explained extensively at the beginning to this thread. Question is: Should we stop telling people to provision with idmap_ldb:use rfc2307 = yes ? And if we do, Should we stop telling people not to give guiNuber to ?Domain Admins? if using AD ? Rowland, can you think how many (hundreds) of times have you had to explain the ?ID_TYPE_BOTH? thing ? Imagine putting an end to it. ;) LP On Jun 11, 2024 at 18:33 +0100, samba at lists.samba.org <samba at lists.samba.org>, wrote:> > Yes, very easy to test, just remove 'idmap_ldb:use rfc2307 = yes' from > a DCs smb.conf and restart the DC, it will then ignore any and all > rfc2307 attributes in AD.
Christian Naumer
2024-Jun-12 07:00 UTC
[Samba] use of ‘idmap_ldb:use rfc2307 = yes’ in DCs
Am 11.06.24 um 19:37 schrieb Luis Peromarta via samba:> Correct, and I have done so and explained extensively at the beginning to this thread. > > Question is: > > Should we stop telling people to provision with idmap_ldb:use rfc2307 = yes ?As one who uses that option I would say no. However, I see that it is very confusing for someone new to Samba. It is the same for the ID backends on member servers. RID should be the one recommended for all "Newbies". Giving all those options you can use is very "Open Source" but is also what makes it hard vor beginners. Still at least I would like to have the information about rfc2307 still in the Wiki so that nerds like me can find it if the y need it. Our use case is that (admin) users do login to the DCs and they want their respective UID/Shell etc. I admit a "thin" use case. Regards Christian