9765 – xidNumber not equal in ADS DCs

Bug 9765 - xidNumber not equal in ADS DCs

Summary: xidNumber not equal in ADS DCs

Status:	NEW

Alias:	None

Product:	Samba 4.0
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.0.4
Hardware:	All Linux

Importance:	P5 major (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-04-04 09:12 UTC by Andreas Matthus
Modified:	2015-07-13 07:25 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Matthus 2013-04-04 09:12:15 UTC

Hallo,

by using more than one AD DC users and groups can created on all mashines and it replicated SID to everyone. That is fine. But xidNumber differ on the DCs. For windows-clients is that not a problem, but by data-replication between servers or future consolidation of storages it brings a lot of confusion.

Incidentally I don't take pleasure mapping "domain users" per default to xidNumber 100 (unix group "users"). I think it is better to differ and all the world know "domain users" as gid 513 (and so on by other default-windows-groups). 

By correcting that with a ldapmodify-coomand, I notice that 516 und 521 not get any idmap by creation second DC - O.K. that is not fatally, but strange.

With regards
Andreas Matthus