On Mon, 2005-05-23 at 16:23 +0100, David Barker wrote:> Looking through the ldapsam stuff, it looks like in samba 3 a user can
> only be a member of one domain at a time in an ldap tree.
>
> attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
> DESC 'Security ID'
> EQUALITY caseIgnoreIA5Match
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
>
> Does anyone know if it's safe to drop SINGLE-VALUE from sambaSid, to
> allow one user to be in two domains at once?
The idea was (it didn't really work out as well as I would have liked)
to have sambaSID be the unique identifier for objects in the ldap tree
(for finding them when clients ask 'what is this sid' questions).
Why do you think you need multiple domains on one LDAP tree?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20050529/f220ae39/attachment.bin