[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Tue May 31 18:54:03 MDT 2011
The branch, master has been updated
via 697d5c0 s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage
via 74cd06b s3:idmap_ldap: allow creation of ldap stored mappings for explicitly configured domains.
via dea3ef1 s3:idmap_ldap: rename idmap_ldap_get_new_id to idmap_ldap_allocate_id
via 2de65b9 s3:idmap_ldap: rename idmap_ldap_allocate_id to idmap_ldap_allocate_id_internal
via 5882d3e idmap_ldap.8: Add example with readonly backend
from 00577e9 librpc/ndr: Use converted_size to determine if NULL termination was sent
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 697d5c08acc85944df8ca9f26ab3f58bb3e7764a
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 1 01:19:50 2011 +0200
s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage
also extend the example with ldap_user_dn.
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Wed Jun 1 02:53:32 CEST 2011 on sn-devel-104
commit 74cd06b3dff42bda4dd0a0f3fd250a975d0258ed
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 1 00:30:11 2011 +0200
s3:idmap_ldap: allow creation of ldap stored mappings for explicitly configured domains.
After the preparations, this is achieved by using idmap_ldap_allocate_id_internal()
as get_new_id rw method instead of idmap_ldap_allocate_id().
commit dea3ef1ab689a3d01846147d2a83377b09335f8f
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 1 00:25:23 2011 +0200
s3:idmap_ldap: rename idmap_ldap_get_new_id to idmap_ldap_allocate_id
This is in preparation of allowing allocating ldap based domain-specific configs.
commit 2de65b97b98e2c8cc218b60da749ac17195d8413
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 1 00:25:23 2011 +0200
s3:idmap_ldap: rename idmap_ldap_allocate_id to idmap_ldap_allocate_id_internal
This is in preparation of allowing allocating ldap based domain-specific configs.
commit 5882d3eba3d7a82234d09a6ccb8c64e81a6240d9
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 23:28:57 2011 +0200
idmap_ldap.8: Add example with readonly backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/idmap_ldap.8.xml | 36 +++++++++++++++++++++++++++++++--
source3/winbindd/idmap_ldap.c | 18 ++++++++--------
2 files changed, 42 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml
index 4cbfe84..2c0fcfd 100644
--- a/docs-xml/manpages-3/idmap_ldap.8.xml
+++ b/docs-xml/manpages-3/idmap_ldap.8.xml
@@ -48,8 +48,14 @@
<varlistentry>
<term>ldap_user_dn = DN</term>
<listitem><para>
- Defines the user DN to be used for authentication. If absent an
- anonymous bind will be performed.
+ Defines the user DN to be used for authentication.
+ The secret for authenticating this user should be
+ stored with net idmap secret
+ (see <citerefentry><refentrytitle>net</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>).
+ If absent, the ldap credentials from the ldap passdb configuration
+ are used, and if these are also absent, an anonymous
+ bind will be performed as last fallback.
</para></listitem>
</varlistentry>
@@ -78,7 +84,8 @@
<para>
The following example shows how an ldap directory is used as the
default idmap backend. It also configures the idmap range and base
- directory suffix.
+ directory suffix. The secret for the ldap_user_dn has to be set with
+ "net idmap secret '*' password".
</para>
<programlisting>
@@ -87,6 +94,29 @@
idmap config * : range = 1000000-1999999
idmap config * : ldap_url = ldap://localhost/
idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
+ idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
+ </programlisting>
+
+ <para>
+ This example shows how ldap can be used as a readonly backend while
+ tdb is the default backend used to store the mappings.
+ It adds an explicit configuration for some domain DOM1, that
+ uses the ldap idmap backend. Note that a range disjoint from the
+ default range is used.
+ </para>
+
+ <programlisting>
+ [global]
+ # "backend = tdb" is redundant here since it is the default
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
+
+ idmap config DOM1 : backend = ldap
+ idmap config DOM1 : range = 2000000-2999999
+ idmap config DOM1 : read only = yes
+ idmap config DOM1 : ldap_url = ldap://server/
+ idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
+ idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
</programlisting>
</refsect1>
diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 7195912..a9cb4fc 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -232,8 +232,8 @@ done:
Allocate a new uid or gid
********************************/
-static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom,
- struct unixid *xid)
+static NTSTATUS idmap_ldap_allocate_id_internal(struct idmap_domain *dom,
+ struct unixid *xid)
{
TALLOC_CTX *mem_ctx;
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
@@ -391,21 +391,21 @@ done:
* For now this is for the default idmap domain only.
* Should be extended later on.
*/
-static NTSTATUS idmap_ldap_get_new_id(struct idmap_domain *dom,
- struct unixid *id)
+static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom,
+ struct unixid *id)
{
NTSTATUS ret;
if (!strequal(dom->name, "*")) {
- DEBUG(3, ("idmap_ldap_get_new_id: "
+ DEBUG(3, ("idmap_ldap_allocate_id: "
"Refusing allocation of a new unixid for domain'%s'. "
- "Currently only supported for the default "
+ "This is only supported for the default "
"domain \"*\".\n",
dom->name));
return NT_STATUS_NOT_IMPLEMENTED;
}
- ret = idmap_ldap_allocate_id(dom, id);
+ ret = idmap_ldap_allocate_id_internal(dom, id);
return ret;
}
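Review bot: The comment above `idmap_ldap_allocate_id` still says "For now this is for the default idmap domain only. Should be extended later on.", while the DEBUG text in this hunk changes from "Currently only supported" to "This is only supported", so the two now disagree on whether the restriction is temporary. I would reword the comment to say that this is the `.allocate_id` entry point, restricted to the default domain "*" by design, and that allocation for explicitly configured domains goes through `rw_ops->get_new_id`. The log message also lacks a space in `domain'%s'`; `"Refusing allocation of a new unixid for domain '%s'. "` reads better in logs. The comment block opens outside this hunk.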
@@ -484,7 +484,7 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom)
ctx->rw_ops = talloc_zero(ctx, struct idmap_rw_ops);
CHECK_ALLOC_DONE(ctx->rw_ops);
- ctx->rw_ops->get_new_id = idmap_ldap_get_new_id;
+ ctx->rw_ops->get_new_id = idmap_ldap_allocate_id_internal;
ctx->rw_ops->set_mapping = idmap_ldap_set_mapping;
ret = smbldap_init(ctx, winbind_event_context(), ctx->url,
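Review bot: The `get_new_id` assignment now points at `idmap_ldap_allocate_id_internal`, which skips the `strequal(dom->name, "*")` guard that `idmap_ldap_allocate_id` keeps, and nothing visible here shows where per-domain limits are enforced instead. The body of the internal allocator is outside this changeset, so please confirm that it checks the newly allocated id against the range configured for `dom`, and that callers honour `read only = yes` before invoking `get_new_id`. Otherwise an explicitly configured domain could receive ids that collide with another domain's range, or be written to despite being read-only. A short comment at the assignment would record the intent, for example `/* per-domain allocation: no default-domain check here; range is enforced in idmap_ldap_allocate_id_internal() */`, adjusted if the check lives elsewhere. `idmap_ldap_db_init` starts and ends outside the hunk.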
@@ -1144,7 +1144,7 @@ static struct idmap_methods idmap_ldap_methods = {
.init = idmap_ldap_db_init,
.unixids_to_sids = idmap_ldap_unixids_to_sids,
.sids_to_unixids = idmap_ldap_sids_to_unixids,
- .allocate_id = idmap_ldap_get_new_id,
+ .allocate_id = idmap_ldap_allocate_id,
};
NTSTATUS idmap_ldap_init(void);
--
Samba Shared Repository