Stefan (metze) Metzmacher wrote: !!! a few line above I read 'return NT_STATUS_OK' but it
I browsed the code and the ldap schema changes... if I don't misunderstand, the the nextrid is used only for non_unix_account, and the algorithmic mapping for unix accounts, rigth?was 'ret = NT_STATUS_OK' :-(but now it works! :-) what I need is to test is the non_unix_account stuff.
So, the other question is if a non_unix_account should be in only-one domain? In other words: if an user logs in the domain x the ldap stuff will provide a rid-x only useable for the domain-x?
I wonder if this may be a strong restriction for large sites with "n" domains and only-one ldap base... because the administrators should maintain n accounts/rid per-user for access to the n domains. On the other hand, if the domain attr takes n-values may solve the multiple logon but the rid space may be broken.
Ignacio
--
____________________________________________________
Ignacio Coupeau, Ph.D. e-mail: [EMAIL PROTECTED]
CTI, Director fax: 948 425619
University of Navarra voice: 948 425600
Pamplona, SPAIN http://www.unav.es/cti/
