winbindd uid and gid range assumptions

[Andrew Bartlett]

Mike Gerdts wrote:
> 
> It seems as though there was an assumption that users of winbindd would
> have switched entirely to NT domain authentication or that they would
> have distinct range of UIDs/GIDs for /etc/passwd (or NIS) and NT domain.

> Is there any good reason to not just let get_id_from_sid() in
> nsswitch/winbindd_idmap.c do all the checking?  It seems as though the
> optimization achieved by the multitude of checks is minimal and greatly
> reduces the chances integration possibilities between winbindd and
> traditional unix authentication.

Moving over the socket is a very expencive operation, particularly
compared to a simple if statement.  Also, where we know that a uid is
local, we need to check with code that winbind isn't linked to - the
passdb backend.

But yes, we need to deal with things like getting the uid from the SFU
LDAP schema, so this may well change in the future. 

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net