[SCM] Samba Shared Repository - branch master updated

Michael Adam obnox at samba.org
Tue May 31 18:54:03 MDT 2011


The branch, master has been updated
       via  697d5c0 s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage
       via  74cd06b s3:idmap_ldap: allow creation of ldap stored mappings for explicitly configured domains.
       via  dea3ef1 s3:idmap_ldap: rename idmap_ldap_get_new_id to idmap_ldap_allocate_id
       via  2de65b9 s3:idmap_ldap: rename idmap_ldap_allocate_id to idmap_ldap_allocate_id_internal
       via  5882d3e idmap_ldap.8: Add example with readonly backend
      from  00577e9 librpc/ndr: Use converted_size to determine if NULL termination was sent

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 697d5c08acc85944df8ca9f26ab3f58bb3e7764a
Author: Michael Adam <obnox at samba.org>
Date:   Wed Jun 1 01:19:50 2011 +0200

    s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage
    
    also extend the example with ldap_user_dn.
    
    Autobuild-User: Michael Adam <obnox at samba.org>
    Autobuild-Date: Wed Jun  1 02:53:32 CEST 2011 on sn-devel-104

commit 74cd06b3dff42bda4dd0a0f3fd250a975d0258ed
Author: Michael Adam <obnox at samba.org>
Date:   Wed Jun 1 00:30:11 2011 +0200

    s3:idmap_ldap: allow creation of ldap stored mappings for explicitly configured domains.
    
    After the preparations, this is achieved by using idmap_ldap_allocate_id_internal()
    as get_new_id rw method instead of idmap_ldap_allocate_id().

commit dea3ef1ab689a3d01846147d2a83377b09335f8f
Author: Michael Adam <obnox at samba.org>
Date:   Wed Jun 1 00:25:23 2011 +0200

    s3:idmap_ldap: rename idmap_ldap_get_new_id to idmap_ldap_allocate_id
    
    This is in preparation of allowing allocating ldap based domain-specific configs.

commit 2de65b97b98e2c8cc218b60da749ac17195d8413
Author: Michael Adam <obnox at samba.org>
Date:   Wed Jun 1 00:25:23 2011 +0200

    s3:idmap_ldap: rename idmap_ldap_allocate_id to idmap_ldap_allocate_id_internal
    
    This is in preparation of allowing allocating ldap based domain-specific configs.

commit 5882d3eba3d7a82234d09a6ccb8c64e81a6240d9
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 23:28:57 2011 +0200

    idmap_ldap.8: Add example with readonly backend
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages-3/idmap_ldap.8.xml |   36 +++++++++++++++++++++++++++++++--
 source3/winbindd/idmap_ldap.c        |   18 ++++++++--------
 2 files changed, 42 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml
index 4cbfe84..2c0fcfd 100644
--- a/docs-xml/manpages-3/idmap_ldap.8.xml
+++ b/docs-xml/manpages-3/idmap_ldap.8.xml
@@ -48,8 +48,14 @@
 		<varlistentry>
 		<term>ldap_user_dn = DN</term>
 		<listitem><para>
-			Defines the user DN to be used for authentication. If absent an
-			anonymous bind will be performed.
+			Defines the user DN to be used for authentication.
+			The secret for authenticating this user should be
+			stored with net idmap secret
+			(see <citerefentry><refentrytitle>net</refentrytitle>
+			<manvolnum>8</manvolnum></citerefentry>).
+			If absent, the ldap credentials from the ldap passdb configuration
+			are used, and if these are also absent, an anonymous
+			bind will be performed as last fallback.
 		</para></listitem>
 		</varlistentry>
 
@@ -78,7 +84,8 @@
 	<para>
 	The following example shows how an ldap directory is used as the 
 	default idmap backend. It also configures the idmap range and base 
-	directory suffix.
+	directory suffix. The secret for the ldap_user_dn has to be set with
+	"net idmap secret '*' password".
 	</para>
 
 	<programlisting>
@@ -87,6 +94,29 @@
 	idmap config * : range        = 1000000-1999999
 	idmap config * : ldap_url     = ldap://localhost/
 	idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
+	idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
+	</programlisting>
+
+	<para>
+	This example shows how ldap can be used as a readonly backend while
+	tdb is the default backend used to store the mappings.
+	It adds an explicit configuration for some domain DOM1, that
+	uses the ldap idmap backend. Note that a range disjoint from the
+	default range is used.
+	</para>
+
+	<programlisting>
+	[global]
+	# "backend = tdb" is redundant here since it is the default
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000-1999999
+
+	idmap config DOM1 : backend = ldap
+	idmap config DOM1 : range = 2000000-2999999
+	idmap config DOM1 : read only = yes
+	idmap config DOM1 : ldap_url = ldap://server/
+	idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
+	idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
 	</programlisting>
 </refsect1>
 
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 7195912..a9cb4fc 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -232,8 +232,8 @@ done:
  Allocate a new uid or gid
 ********************************/
 
-static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom,
-				       struct unixid *xid)
+static NTSTATUS idmap_ldap_allocate_id_internal(struct idmap_domain *dom,
+						struct unixid *xid)
 {
 	TALLOC_CTX *mem_ctx;
 	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
@@ -391,21 +391,21 @@ done:
  * For now this is for the default idmap domain only.
  * Should be extended later on.
  */
-static NTSTATUS idmap_ldap_get_new_id(struct idmap_domain *dom,
-				      struct unixid *id)
+static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom,
+				       struct unixid *id)
 {
 	NTSTATUS ret;
 
 	if (!strequal(dom->name, "*")) {
-		DEBUG(3, ("idmap_ldap_get_new_id: "
+		DEBUG(3, ("idmap_ldap_allocate_id: "
 			  "Refusing allocation of a new unixid for domain'%s'. "
-			  "Currently only supported for the default "
+			  "This is only supported for the default "
 			  "domain \"*\".\n",
 			   dom->name));
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
 
-	ret = idmap_ldap_allocate_id(dom, id);
+	ret = idmap_ldap_allocate_id_internal(dom, id);
 
 	return ret;
 }
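Review bot: The refusal message in `idmap_ldap_allocate_id` still prints `domain'%s'` with no space before the quote, which makes the log line harder to read and to match when searching logs for refused allocations. Since the string is edited here anyway, `"Refusing allocation of a new unixid for domain '%s'. "` would fix it. The comment above the function still says "For now ... Should be extended later on" while the new message reads as a permanent restriction, so one of the two should be aligned with the other. The `ret` temporary can also go: `return idmap_ldap_allocate_id_internal(dom, id);`. The header comment of this function begins above the hunk.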
@@ -484,7 +484,7 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom)
 	ctx->rw_ops = talloc_zero(ctx, struct idmap_rw_ops);
 	CHECK_ALLOC_DONE(ctx->rw_ops);
 
-	ctx->rw_ops->get_new_id = idmap_ldap_get_new_id;
+	ctx->rw_ops->get_new_id = idmap_ldap_allocate_id_internal;
 	ctx->rw_ops->set_mapping = idmap_ldap_set_mapping;
 
 	ret = smbldap_init(ctx, winbind_event_context(), ctx->url,
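Review bot: Pointing `ctx->rw_ops->get_new_id` at `idmap_ldap_allocate_id_internal` takes the `strequal(dom->name, "*")` check out of the mapping-creation path, so the allocator now runs for every explicitly configured domain, and its body is not part of this diff. It should be confirmed that the allocator draws from the counter belonging to the passed `dom` and rejects ids outside that domain's configured range, because otherwise two domains could assign the same uid/gid to different SIDs. Whether this callback can be reached for a domain configured with `read only = yes` is also not visible here and is worth checking. A short comment at the assignment would record the intent, e.g. `/* deliberately not idmap_ldap_allocate_id: ids may be allocated for any configured domain */`. idmap_ldap_db_init starts and ends outside the hunk.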
@@ -1144,7 +1144,7 @@ static struct idmap_methods idmap_ldap_methods = {
 	.init = idmap_ldap_db_init,
 	.unixids_to_sids = idmap_ldap_unixids_to_sids,
 	.sids_to_unixids = idmap_ldap_sids_to_unixids,
-	.allocate_id = idmap_ldap_get_new_id,
+	.allocate_id = idmap_ldap_allocate_id,
 };
 
 NTSTATUS idmap_ldap_init(void);


-- 
Samba Shared Repository

