Well here is my theory.
Most organizations with larger numbers of users generally assign users
to groups like "users" or "admin" and as a consequence have
substantially fewer groups than users. Thus the two numbers would get
out of sync. In the reverse case where an organization assigns a group
to each user one might have substantially more groups than users and
again we are out of sync. In Linux, the tradition has been to use
formulas to transform uid and gid numbers into disjoint groups of RID
numbers so that the information (uid/gid) is retained acrossed system
boundaries. For example one might use a system that will come up with
all even numbers for users and odd ones for groups. If this were not
so, we might have to maintain a seperate set of records, similar in
concept to an SQL table, with all of the RID values. In sort it has to
do with the most efficient way to store the data while retaining the
ability of the administrator to figure out what the underlying uid/gid is.
Andrey Nepomnyaschih wrote:
>Hello,
>
>I have a question regarding LDAP schema of sambaDomain. Why does it
>contains both sambaNextGroupRid and sambaNextUserRid while in Windows
>groups and users do share RID between them? What are the obstacles in
>path of having only one say sambaNextRID.
>
>Have a good time,
>Andrey Nepomnyaschih
>
>
>