Then, at least, can lookups for 'username' return matches for 'DOM \username'? This would make it act more Windows-like, anyways, where the user can log in using 'username', unless it conflicts with a local user.

On Fri, 2007-07-06 at 15:50 -0500, Gerald (Jerry) Carter wrote:
> Gerald (Jerry) Carter wrote:
>
> > Nope. You haven't looked at how much trouble this would
> > be in the code. For example, Lookupsid() *always* returns
> > the sAMAccountName but LookupName() will resolve a UPN to
> > the same SID.
> >
> > So the conversion is asymmetric. UPN->SID->sAMAccountName.
> > But canonicalizing on the sAMAccountName does give you a
> > symmetric mapping.
> >
> > Secondly, your 'unix' variant would break with trusted domains.
> >
> > So yes, it is a bad idea for very real technical reasons.
>
> I should clarify that you can easily convert from UPN
> to sAMAccountName and vice versa using the DsCrackNames
> calls but this requires a lot of plumbing we don't
> have currently and would be a fundamental change in
> design which would require a lot of code restabilization.
>
> Or of course you can use LDAP queries but remember that
> machines do not have UPNs by default. So what do you
> use then....?
>
> cheers, jerry
