Ross S. W. Walker
2008-Feb-15 21:12 UTC
[Samba] idmap_ad alloc to store uid/gid attributes in AD
It would be a handy feature to have idmap_ad implement an alloc routine to write back the uid and gid mappings to AD either as SFU attributes or RFC 2307 attributes.

I figure this could allow dynamic uid and gid allocation that can be easily preserved across multiple domains in a Windows environment.

Has there been any attempt to provide this feature?

Ross S. W. Walker
Information Systems Manager
Medallion Financial, Corp.
437 Madison Avenue
38th Floor
New York, NY 10022
Tel: (212) 328-2165
Fax: (212) 328-2125
WWW: http://www.medallion.com
On Fri, 2008-02-15 at 16:12 -0500, Ross S. W. Walker wrote:
> It would be a handy feature to have idmap_ad implement an alloc routine to write back the uid and gid mappings to AD either as SFU attributes or RFC 2307 attributes.
>
> I figure this could allow dynamic uid and gid allocation that can be easily preserved across multiple domains in a Windows environment.
>
> Has there been any attempt to provide this feature?

No, this would require allowing any samba server write access to any user in AD for, at least, the posix attributes. Something, I am sure, most people wouldn't want to allow.

I am open to patches in this regard but *only* if they come with very clear instructions on how to limit write access to the needed attributes and possibly only to a specific identity the samba server can use.

Of course both read-only and read-write mode of operation must work, with read-only being the default.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer <simo@samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce@redhat.com>
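
The kind of scoping asked for in the reply above (write access limited to the needed attributes and to one identity) can be expressed in AD as per-attribute delegation with the Windows `dsacls` tool. This is an added example, not part of the thread and not Samba's documented procedure; the OU, domain and service account names are placeholders, and it assumes the RFC 2307 attributes `uidNumber` and `gidNumber` are the ones being written.

```powershell
# Added example: delegate read/write on the RFC 2307 id attributes only,
# to one dedicated account, on one OU. Names below are placeholders.
$TargetOU = 'OU=UnixAccounts,DC=example,DC=com'   # placeholder: OU holding the mapped users/groups
$Identity = 'EXAMPLE\svc-samba-idmap'             # placeholder: the only identity allowed to write

# Attributes that hold the mappings, listed per object class so that
# nothing outside this table is ever granted.
$Grants = @(
    @{ Class = 'user';  Attrs = @('uidNumber', 'gidNumber') },
    @{ Class = 'group'; Attrs = @('gidNumber') }
)

foreach ($grant in $Grants) {
    foreach ($attr in $grant.Attrs) {
        # RP/WP   = read property / write property
        # ;attr   = restrict the ACE to this single attribute
        # ;class  = apply only to child objects of this class
        # /I:S    = inherit to sub-objects only, not the OU object itself
        $ace = '{0}:RPWP;{1};{2}' -f $Identity, $attr, $grant.Class
        & dsacls.exe $TargetOU /I:S /G $ace
        if ($LASTEXITCODE -ne 0) {
            throw "dsacls failed while granting $attr on class $($grant.Class)"
        }
    }
}

# Review step: list every ACE on the OU that names the service account,
# so an unexpected broader grant (for example full control) is visible.
& dsacls.exe $TargetOU | Select-String -SimpleMatch $Identity
```

A domain that stores the mappings in the SFU attributes instead would list those attribute names in `$Grants`; the account should hold no other write rights in the directory.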