On Wed, Nov 11, 2009 at 9:52 AM, Gerald Carter <[email protected]> wrote:
> Robert LeBlanc wrote: > > > Does it suffer from the same collision problem as rid? > > idmap_rid doesn't have a collision problem that I'm aware of > as long as you set it up properly. Did I misunderstand something? > > > Our AD will have a couple of hundred thousand objects in > > the not too near future. > > Depending on account turnover and number of trusted domains, > I think you should be fine with idmap_hash. But if you only > have a single domain, then idmap_rid is equivalent I think. > > I think I may have not woken up completely this morning. I thought the original question was regarding idamp_rid and basically interger rollover. After rereading the first post, it sounds like they want to use RID and Hash at the same time. I don't know why one want to do that, but ok. I much prefer hash because I don't have to specify a range and hope it is large enough. I also don't have to worry about all my machines having the same lower end starting number so that they are the same on all machines. We have some trusts, but they are only intended to be temporay as we transitition to a central AD. So if I understand right, hash does not hash the SID, it does the same as rid and takes the last section directly from the SID and uses that withou modification (rid adds that number to the lower range number). Thanks, Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
