lists.arthurdejong.org
RSS feed

Re: Newbie - user authentication failing.

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Newbie - user authentication failing.



On Tue, 2011-02-15 at 21:33 +0530, Vinay Kalkoti wrote:
> objectSid is of type "BINARY". But, the uidNumber is of type "long".

I meant that this value is perhaps as input for the hashing function and
may very well provide the needed properties. You can't just use it
as-is.

I think that, from my (luckily) limited experience with Windows and
Samba, this value is built up of some kind of domain identifier and a
unique identifier within the domain. This last part (Rid) could perhaps
be usable to provide mapping from and to the uidNumber attribute.

For the reverse lookup you have to figure out what domain part to
prepend for the search (if it is at all possible to search for the Sid).
Perhaps the Rid is available as an attribute by itself?

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users