Using direct retrieval of the UID/GID of the user and group objects in AD would eliminate the need of a SID to UID/GID mapping which is done separately by a LDAP server or a local database. We currently use SAMBA 2.2 wich retrieves GIDs/UIDs through nss_ldap and pam_ldap from PADL Software (http://www.padl.com). GIDs and UIDs are stored in schema extensions compatible to the UNIX Services from Windows from Microsoft. GIDs and UIDs are managed through a mmc plugin (AD4UNIX) on the AD servers available at http://www.css-solutions.ca/ad4unix. The goal would be to have winbind and the corresponding nss and pam module do everything directly to Active Directory. This would be a great enhancement. Thank you for your attendance. Regards.
Although we have not tested this against Active Directory, the idmap_ad plugin at http:// www.padl.com/download/xad_oss_plugins.tar.gz should in theory resolve this.
closing this one . We can either use the XAD plugin or the idmap_rid plugin added for 3.0.8
originally reported against 3.0.0beta2. CLeaning out non-production release versions.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.