samba - Jan 2026 - Getting UID and GID via LDAP/LDB query on a non-rfc2307 domain...

On Tue, 6 Jan 2026 19:12:15 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
>   In chel di` si favelave...
> 
> > Can you please explain just what you require.
> 
> suppose i need to build a pure-LDAP script to query some aspect of
> user data.
> 
> If i use rfc2307 and i need UID/GID, i can simply query it (uidNumber
> and gidNumber).
> 
> If i use RID, i've some operational field to query UID/GID? Or i need
> in script to extract SID, strip last part (RID), extract 'domain base
> id' from samba conf, use standard formula to compute UID (and similar
> way, GID)?
> 
> 
> I hope i was clear now. Thanks.
> 
Yes, what you are asking is now clear, but using LDAP isn't going to
work, there isn't anything to search for, not if you discount the
objects SID.

The Unix UID or GID does not exist in AD if you do not use rfc2307
attributes.

The 'rid' idmap backend calculates the UID or GID from the objects RID
and the low range set in the smb.conf file using this calculation:

ID = RID + LOW_RANGE_ID

So if the RID is 513 and the low range is set to 10000, it becomes this:

10513 = 513 + 10000

So if you require the RID, you can get it back by reversing the
calculation:

RID = ID - LOW_RANGE_ID

Not sure how far this gets you, the RID is meaningless to Unix, which
is why Samba maps them to UID & GID numbers.

Rowland

Mandi! Rowland Penny via samba
  In chel di` si favelave...
> The Unix UID or GID does not exist in AD if you do not use rfc2307
> attributes.
> The 'rid' idmap backend calculates the UID or GID from the objects
RID
> and the low range set in the smb.conf file using this calculation:
> ID = RID + LOW_RANGE_ID
Rowland, i know that. I'm simply asking if Samba compute this (and clealy,
the answer is 'yes' ;) and store on some operational/hidden LDAP field
that
i can explicitly query on.

--