On 05/13/2012 07:49 PM, Andrew Bartlett wrote:
> On Sun, 2012-05-13 at 10:40 -0700, Matthieu Patou wrote:
>> On 05/12/2012 11:30 PM, steve wrote:
>>> Hi everyone
>>>
>>> I can change a mapping in idmap.ldb according to the samba4 wiki:
>>> https://wiki.samba.org/index.php/Samba4/HOWTO#Managing_Samba_4_Active_Directory_From_Windows_XP_Pro
>>>
>>> But if I delete an object via ldbmodify or ldbedit, it doesn't delete
>>> the entry in idmap.ldb. We have users who we deleted long ago still
>>> present there. Over a period of time, this could amount to a lot of
>>> wasted space.
>>
>> No, the space used in idmap for a user mapping is ridiculously small; if
>> you haven't removed ~10 000 users it's not worth worrying about.
>>
>>> Would it be possible that samba-tool user delete <x> and samba-tool
>>> group delete <y> also delete the corresponding entry in idmap.ldb?
>>
>> Yeah, it could be. File a request in Bugzilla explaining this; it's an
>> enhancement and I think it has a pretty low priority.
>>
>> At the same time you should also ask for an expunge command so that if
>> you removed the user/group from ADCU we could remove all inactive groups.
>>
>> But that's very very very low priority to me but should be rather easy
>> to do.
>
> The reason not to do this at all is that just as the SID is never
> re-used, the UID should not be re-used.

The thing is that we keep track of the latest usn (at least in s4 idmap), so even if we purge removed users we won't cycle on already affected UID/GID.

> Additionally, if that UID or SID were to be found on a file ACL, it is
> critically important that we continue to map it in the same way (as the
> acl_xattr check-hash on the SD for posix/NT consistency is done on the
> mapped-from-posix NT ACL).

Oh, I didn't know that.




--
Matthieu Patou
Samba Team
http://samba.org
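
A toy model of the two points made in this thread, added here as an example and not taken from Samba or from any poster: an allocator that keeps a high-water mark does not hand out an old UID again after a purge, yet a SID still present on a file ACL maps to a different UID once its entry has been purged. The class, method names, ID range and SIDs are all constructed assumptions.

```python
# Toy model of an ID-mapping table; NOT Samba's idmap.ldb code or schema.
# All names, the ID range and the SIDs below are constructed for illustration.

class ToyIdmap:
    def __init__(self, low=3000000):
        self.next_id = low          # high-water mark, survives purges
        self.sid_to_uid = {}

    def map_sid(self, sid):
        """Return the UID for sid, allocating a fresh one on first sight."""
        if sid not in self.sid_to_uid:
            self.sid_to_uid[sid] = self.next_id
            self.next_id += 1       # never decremented, so no UID is re-issued
        return self.sid_to_uid[sid]

    def purge(self, sid):
        """Drop the mapping for a deleted account; the high-water mark stays."""
        self.sid_to_uid.pop(sid, None)


def demo():
    idmap = ToyIdmap()
    alice = "S-1-5-21-1111-2222-3333-1104"   # constructed SIDs
    bob = "S-1-5-21-1111-2222-3333-1105"

    alice_uid = idmap.map_sid(alice)
    # A file is created while alice exists: the POSIX side stores her UID,
    # the NT ACL side stores her SID.
    file_owner = {"posix_uid": alice_uid, "nt_sid": alice}

    idmap.purge(alice)                        # account deleted, mapping purged
    bob_uid = idmap.map_sid(bob)              # new account after the purge

    # The SID on the old file's ACL is resolved again after the purge.
    remapped_uid = idmap.map_sid(file_owner["nt_sid"])
    return {
        "uid_reused": bob_uid == alice_uid,
        "acl_consistent": remapped_uid == file_owner["posix_uid"],
        "uids": (alice_uid, bob_uid, remapped_uid),
    }


if __name__ == "__main__":
    print(demo())
```
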
