Commit my stuff to 3.0?
Andrew Bartlett
abartlet at samba.org
Sun Oct 13 13:44:00 GMT 2002
Simo Sorce wrote:
>
> On Sun, 2002-10-13 at 15:13, Stefan (metze) Metzmacher wrote:
> > I think idmap is the right place. we should move it from nsswitch to an own
> > directory and make it plugable. (See Roadmap of 3_0: it is needed)
>
> I'm not sure we need it to be pluggable, please explain the benefits.
We should be able to store it in LDAP or TDB or ...
LDAP storage (backed with TDB cache) kills off the nasty matter of
winbind uid sync/NFS, but has nasty problems if you LDAP server is
unreachable. (Many sites will accept this however).
> > And let it map sid -> u/gids and u/gids -> sid.
> >
> > Maybe let it hold two contexts:
>
> why??
>
> > 1. for all trusted domains (and our domain if we are a member server)
> > uses
> > winbind uid =
> > winbind gid =
> >
> > to export mapping to unix (nss_winbind) and samba
> >
> > 2. for our local sam (witch is also the domain sam if we are a DC)
> > uses
> > idmap uid =
> > idmap gid =
> >
> > to export mappings to samba (and maybe later also to unix via winbind)
>
> Makes no sense, we need only a single idmap that handles all
> sid->[u,g]id [u,g]id->sid, splitting it into pieces is the most wrong
> thing we may do.
Well, we operate in 2 fundementally different modes: Winbind based
users are fixed in SID, and we set the UID/GID. Unix based users are
fixed in uid/gid and we allocate the SID.
I think this is what metze was meaning.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list