Using direct retrieval of the UID/GID of the user and group objects in AD would
eliminate the need for a SID to UID/GID mapping which is done separately by an
LDAP server or a local database.
We currently use SAMBA 2.2 which retrieves GIDs/UIDs through nss_ldap and
pam_ldap from PADL Software (http://www.padl.com). GIDs and UIDs are stored in
schema extensions compatible with the UNIX Services from Windows from Microsoft.
GIDs and UIDs are managed through an mmc plugin (AD4UNIX) on the AD servers
available at http://www.css-solutions.ca/ad4unix.
The goal would be to have winbind and the corresponding nss and pam module do
everything directly to Active Directory. This would be a great enhancement.
Thank you for your attendance.
Although we have not tested this against Active Directory, the idmap_ad plugin at
http://www.padl.com/download/xad_oss_plugins.tar.gz should in theory resolve this.
Closing this one. We can either use the XAD plugin or
the idmap_rid plugin added for 3.0.8.
Originally reported against 3.0.0beta2. Cleaning out
non-production release versions.
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.