Samba PDC: howto calculate RID while using the LDAP backend

Posted on

did anybody been trying to solve how to customize the Samba user SID - and particularly the RID part of SID?

few facts:
- OS is RHEL 6.5
- samba version:
samba.x86_64 3.6.9-164.el6
samba-client.x86_64 3.6.9-164.el6
samba-common.x86_64 3.6.9-164.el6
samba-winbind.x86_64 3.6.9-164.el6
samba-winbind-clients.x86_64 3.6.9-164.el6
samba4-libs.x86_64 4.0.0-58.el6.rc4

  • smbldap tools:
    smbldap-tools.noarch 0.9.10-1.el6

  • ldap backend (389 directory server)

My question is:

I'd like to have posix UID equal to RID (for the human readability sake) - how to achieve it best?

Let me elaborate:

there is difference in RID value while adding user to LDAP backend through the smbldap script "smbldap-useradd" versus "smbpasswd -a"

"smbldap-useradd" produce RID based on equation: UID*2 + 1000 so as result, my user having UID 1001 will have RID 3002 stored in LDAP backend - i have been searching this script for this equation but can't find it, is it something contained in Samba schema?

"smbpasswd -a" produce next free RID (starting at 1000 and incremented by 1) - so eg. if i add user via 389-console to LDAP and specify the user account posix attributes and then i use "smbpasswd -a" to add Samba attributes to it, the resulting RID for posix user with UID 1001 would be again 1001 (or the next free RID)

This discrepancy bothers me a bit, because i'd like to have possibility to add users both way to LDAP while keeping the RID numbering tidy and logical.

Anybody has been thinking about this? How to approach the user RID numbering in Samba? Is it even worth it to 'bother'? Does it seam logical to you to basically keep the posix UID = Samba RID?
I'd be glad for any opinion / experience with it.

Thank You