git.samba.org - kai/samba.git/commit

author	Andrew Bartlett <abartlet@samba.org>
	Mon, 28 Apr 2003 10:20:55 +0000 (10:20 +0000)
committer	Andrew Bartlett <abartlet@samba.org>
	Mon, 28 Apr 2003 10:20:55 +0000 (10:20 +0000)
commit	3e07406ade81e136f67439d4f8fd7fe1dbb6db14
tree	6039db0e459939dc2ee5abc054f43f4f94c903bc	tree
parent	04d27381325561038bee1c27f10c748b9aaf447d	commit \| diff

A new pdb_ldap!

This patch removes 'non unix account range' (same as idra's change in HEAD),
and uses the winbind uid range instead.

More importanly, this patch changes the LDAP schema to use 'ntSid' instead
of 'rid' as the primary attribute.  This makes it in common with the group
mapping code, and should allow it to be used closely with a future idmap_ldap.

Existing installations can use the existing functionality by using the
ldapsam_compat backend, and users who compile with --with-ldapsam will get
this by default.

More importantly, this patch adds a 'sambaDomain' object to our schema -
which contains 2 'next rid' attributes, the domain name and the domain sid.
Yes, there are *2* next rid attributes.  The problem is that we don't 'own'
the entire RID space - we can only allocate RIDs that could be 'algorithmic'
RIDs.  Therefore, we use the fact that UIDs in 'winbind uid' range will be
mapped by IDMAP, not the algorithm.

Andrew Bartlett

examples/LDAP/samba.schema		diff \| blob \| history
source/param/loadparm.c		diff \| blob \| history
source/passdb/pdb_ldap.c		diff \| blob \| history
source/passdb/pdb_smbpasswd.c		diff \| blob \| history
source/passdb/pdb_tdb.c		diff \| blob \| history