idmap backend get_sid_from_id() never called (with proposed patch)
Keith Reynolds
keith.reynolds at centrify.com
Sat Jan 21 04:15:46 GMT 2006
The changes that moved potentially expensive winbind operations into
a subprocess had the side effect of preventing idmap backends'
get_sid_from_id() entry point from ever being called. Instead, if a
particular UID or GID isn't found in the cache, a call to getpwuid()
or getgruid() is made (via winbindd_[ug]id2name_async()), and the
resulting user or group name is looked up via
winbindd_lookupname_async().
Centrify's software includes an NSS module that maps AD users to
UNIX, and I've written an idmap backend that makes our mapping
available to samba. However, our software allows users and groups to
have a UNIX name that is different from their AD name, so the
uid2name/lookupname sequence doesn't always work (and could even
match the wrong user). We need our idmap backend to be called to map
the ID to the proper SID.
I have a patch that adds WINBIND_DUAL_UID2SID and
WINBIND_DUAL_GID2SID. Since I haven't seen patches posted to this
list, I've put it up at http://www.keithr.com/patch.idmap.txt for
review. What's the official method for submitting patches once all
the feedback has been addressed?
Keith Reynolds
More information about the samba-technical
mailing list