timeout in LDAP access
Andrey Repin
anrdaemon@yandex.ru
Tue Jul 15 18:20:00 GMT 2014
Greetings, Denis Excoffier!
>>> A POSIX offset of 0 is bad. If other trusted domains have no functional
>>> POSIX offset value, but are set to 0 instead, they won't have different
>>> UID values for accounts of different domains. Two users from different
>>> domains, both with RID 1000 will both have UID 1000 in Cygwin. Also,
>>> the lower UID numbers are reserved for special accounts.
>>>
>>> There is no guarantee that there won't be a collision at some point of
>>> the 32 bit UID spectrum, but a POSIX offset of 0 will almost guarantee
>>> the collision.
> Independently, i’m still not sure we have to workaround IT "madness" at all. First, IT
> people might set PosixOffset to 1 for each domain and you cannot catch this kind
> of alternate madness. Also, be sure that if some user someday suffers from a duplicate
> UID situation, this will be reported to them and hopefully addressed (or not because
> this might be expected), but most probably for a single domain. We have to live with
> PosixOffset=0.
I'd say, setting up your AD with zero offset is as bad, as using
192.168.0.1/24 network (or any other well known range) for VPN connections.
I don't think this is a situation that should be attempted to fix from client
side.
What we really need here is a comprehensive explanation of the issue and a
suggested way to remedy it at the root.
--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 15.07.2014, <22:08>
Sorry for my terrible english...
More information about the Cygwin
mailing list