Nick, Gerald Carter wrote: > Hey Nick, > > Nick wrote: >> Is it possible for the uid/gid numbers that are generated by the >> idmap_rid and idmap_hash to collide if there are a large number of >> users or groups? I cannot seem to find any documentation on the >> limitations of these plugins. Before using I want to make absolutely >> sure that there won't be any collisions. > > There is a small chance of collision based on the domain sid. > In testing the mean average was about40 trusted domains but I've > see it much lower on rare occasions. Also, if the highest RID > in your domain is > (as Volker points out) 2^19, the plugin will > suffer from integer overflow.
Forgot to mention that's it pretty simple to test for domain SID
hashing collisions. Just lookup "Administrator" in all domains
Each should have a unique uid. For example:
$ for d in AD DEV ATLANTIS; do \
getent passwd $d\\administrator | awk -F: '{print $3}';\
done
181928436
557842932
1658323444
Hope this helps.
cheers, jerry
signature.asc
Description: OpenPGP digital signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
