This is the mail archive of the cygwin mailing list for the Cygwin project.



Re: timeout in LDAP access


Greetings, Denis Excoffier!

>>> A POSIX offset of 0 is bad.  If other trusted domains have no functional
>>> POSIX offset value, but are set to 0 instead, they won't have different
>>> UID values for accounts of different domains.  Two users from different
>>> domains, both with RID 1000 will both have UID 1000 in Cygwin.  Also,
>>> the lower UID numbers are reserved for special accounts.
>>> 
>>> There is no guarantee that there won't be a collision at some point of
>>> the 32 bit UID spectrum, but a POSIX offset of 0 will almost guarantee
>>> the collision.

> Independently, I'm still not sure we have to work around IT "madness" at all. First, IT
> people might set PosixOffset to 1 for each domain and you cannot catch this kind
> of alternate madness. Also, be sure that if some user someday suffers from a duplicate
> UID situation, this will be reported to them and hopefully addressed (or not because
> this might be expected), but most probably for a single domain. We have to live with
> PosixOffset=0.

I'd say setting up your AD with zero offset is as bad as using
192.168.0.1/24 network (or any other well known range) for VPN connections.
I don't think this is a situation that should be attempted to fix from the client
side.
What we really need here is a comprehensive explanation of the issue and a
suggested way to remedy it at the root.


--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 15.07.2014, <22:08>

Sorry for my terrible English...
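
An added example, not part of the original message or of Cygwin's code: a small audit that, assuming UID = POSIX offset + RID as the quoted text describes, flags trusted domains whose offset sits in the low UID range or whose UID ranges overlap. The domain names, offsets, RID ceilings and the `RESERVED_BELOW` cutoff are constructed assumptions.

```python
from itertools import combinations

# Constructed sample data: domain name -> (PosixOffset, highest RID in use).
# These domains and numbers are hypothetical, not taken from the thread.
SAMPLE_TRUSTS = {
    "CORP":    (0x200000, 50000),
    "PARTNER": (0, 12000),
    "LAB":     (0, 3000),
    "BRANCH":  (0x208000, 9000),
}

# Assumed cutoff for the "lower UID numbers" reserved for special accounts.
RESERVED_BELOW = 0x1000


def uid_for(offset, rid):
    """UID as the thread describes it: the domain's POSIX offset plus the RID."""
    return offset + rid


def audit(trusts, reserved_below=RESERVED_BELOW):
    """Return a sorted list of (kind, detail) findings for a set of trusts."""
    findings = []
    # An offset of 0 (or 1, or anything tiny) puts accounts in the reserved range.
    for name, (offset, _max_rid) in trusts.items():
        if offset < reserved_below:
            findings.append(("low-offset", name))
    # Two domains collide if their [offset, offset + max RID] ranges intersect.
    for (a, (off_a, max_a)), (b, (off_b, max_b)) in combinations(sorted(trusts.items()), 2):
        lowest_shared = max(off_a, off_b)
        highest_shared = min(uid_for(off_a, max_a), uid_for(off_b, max_b))
        if lowest_shared <= highest_shared:
            findings.append(("overlap", f"{a}/{b}"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_TRUSTS):
        print(f"{kind}: {detail}")
```
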
