order of idmap backends

Jeremy Allison jra at samba.org
Thu Jun 26 04:54:45 GMT 2003

On Thu, Jun 26, 2003 at 10:56:21AM +1000, Andrew Bartlett wrote:
> The way I was going to deal with this was the same way we deal with the
> 'auth_winbind' code.
> I was going to make the default idmap backend work like this:
> idmap backend = idmap_winbind:idmap_tdb
> Where idmap_winbind would know it was in winbind and just pass all
> operations on to idmap_tdb.  
> Likewise, smbd would call idmap_winbind, and if winbind isn't there, it
> would contact idmap_tdb directly.
> This means that only winbindd is allocating in the TDB, and can use it's
> knowledge of 'it really is a group/user' until we work out a scheme
> where we can do without this knowledge.
> Naturally, this also means that for the default setup, we should not
> have a problem with 1-connection-per-smbd to the remote ldap server. 
> The ability to 'set' an IDMAP mapping can also occur on the winbind
> pipe, protected by the 'winbind priv pipe' system.
> How does this sound?

Sounds ok but please don't change this code. It has been broken
for too long to for me to trust the changes.

I will make this work over the next few days - including correct
locking within idmap etc.

Any changes I will revert as I need to ensure this code is production
quality and I need complete control over it for the next few days.


More information about the samba-technical mailing list