new idmap code

simo idra at samba.org
Mon Dec 11 16:13:41 GMT 2006


On Sun, 2006-12-10 at 22:27 -0600, Gerald (Jerry) Carter wrote:

> For the most part I think we should merge the new idmap code.
> There are a couple of problems though.
> 
> First, I'm not sure that I entirely like the configuration
> parameters.  But I don't have a really good alternative right
> now.  My hesitation is only due to the complexity. The smb.conf
> settings seem to reflect a great deal of the internals of the
> code.

Let me explain why I used this approach:
1. I tried to be as less invasive as possible and parametric options are
perfect for that.
2. I wanted to give backends a way to be able to have their own
parameters, without resorting to overloading existing parameters as we
did in the past. The current code allows foobar backend to have it's own
foo and bar options without the need to change anything in loadparm.c or
idmap.c

That said, I am not religious on the current options, so if we can find
something better I'll welcome it. I would like to keep point 2 as the
driving factor if possible.

> Second, the gid_to_sid() code is failing for the when using
> the nss idmap backend.  The reason is that group mapping code
> is just broken for Samba members servers in a Samba domain.
> Of course, this was already the case, but where a gid should
> be mapped to the Unix group domain, it is not showing up in ACLs
> as S-1-0-0.  the gid_to_sid() call should fall back to the legacy
> gid_to_sid() if the winbind lookup fails regardless of whether or not
> winbindd is running.

Ok, I am sure we can find a way to handle this. I'd like to do it after
the merge if you are ok with that.

> Neither of these are showstoppers however.  Please merge to SAMBA_3_0.
> I'd like to review the configuration settings before we release
> the code in 3.0.24pre1.

Ok, do you want me to apply this big patch?
http://samba.org/~idra/patches/samba3_new_idmap.patch

Or would you prefer to see the thing committed in pieces somehow?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org



More information about the samba-technical mailing list