Welcome back!
The ultimate goal of the adbindproxy Identity Mapper is for organizations to continue to use Samba while benefiting from the identity centralization capabilities enabled by our client with data stored in Active Directory.
RID generation happens in Windows AD, unlike scenarios where Samba is being used a directory substitute.
UID/GID generation is taken care by the CentrifyDC using the following scenarios:
- Express/AutoZone mode: Auto-generated and based on the AD SID of the object based on the algorithm (Centrify's/Apple's).
- Zone Mode: Generated by the provisioning rules (or manual/programmatic settings) in the Centrify zone objects in AD.
This is definitely relevant if you're using the identity mapper to generate RIDs when using Samba as a Directory. In our case we are leveraging the SID from the AD object to perform UID/GID generation with the flexibility of using auto-generated algorighms (Centrify's or Apple's) or explicitly defining it in the Zone using multiple technologies (like the now defunct SFU, RFC2307 and others).
If you can articulate why it would be beneficial to use this, we'd love to take it up for consideration. Most of these enhancements are driven by our commercial customers.
If you are a commercial customer, we'd love to hear from you via your customer success lead. Otherwise, we are open to keep the dialog in this thread (we are always open to hear ways to improve our products).
R.P