idmap backend get_sid_from_id() never called (with proposed patch)

Keith Reynolds keith.reynolds at
Sat Jan 21 04:15:46 GMT 2006

The changes that moved potentially expensive winbind operations into  
a subprocess had the side effect of preventing idmap backends'  
get_sid_from_id() entry point from ever being called.  Instead, if a  
particular UID or GID isn't found in the cache, a call to getpwuid()  
or getgruid() is made (via winbindd_[ug]id2name_async()), and the  
resulting user or group name is looked up via  

Centrify's software includes an NSS module that maps AD users to  
UNIX, and I've written an idmap backend that makes our mapping  
available to samba.  However, our software allows users and groups to  
have a UNIX name that is different from their AD name, so the  
uid2name/lookupname sequence doesn't always work (and could even  
match the wrong user).  We need our idmap backend to be called to map  
the ID to the proper SID.

I have a patch that adds WINBIND_DUAL_UID2SID and  
WINBIND_DUAL_GID2SID.  Since I haven't seen patches posted to this  
list, I've put it up at for  
review.  What's the official method for submitting patches once all  
the feedback has been addressed?

Keith Reynolds

More information about the samba-technical mailing list