At 10:30 18.10.2002 +0200, Ignacio Coupeau wrote:
Stefan (metze) Metzmacher wrote: !!! a few line above I read 'return NT_STATUS_OK' but itwas 'ret = NT_STATUS_OK' :-( but now it works! :-) what I need is to test is the non_unix_account stuff.
Should this mail a responde to the id allocator patch???
I browsed the code and the ldap schema changes... if I don't misunderstand, the the nextrid is used only for non_unix_account, and the algorithmic mapping for unix accounts, rigth?
there is no nextrid attribute in HEAD or 3_0
So, the other question is if a non_unix_account should be in only-one domain? In other words: if an user logs in the domain x the ldap stuff will provide a rid-x only useable for the domain-x?you can have only one samba domain in one ldap tree, all samba related objects have only a rid and a full sid and the attribute 'domain' is not used at the moment.
I wonder if this may be a strong restriction for large sites with "n" domains and only-one ldap base... because the administrators should maintain n accounts/rid per-user for access to the n domains. On the other hand, if the domain attr takes n-values may solve the multiple logon but the rid space may be broken.
metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <[EMAIL PROTECTED]>
