idmap backend get_sid_from_id() never called (with proposed patch)

Jeremy Allison jra at
Sun Jan 22 01:11:41 GMT 2006

On Fri, Jan 20, 2006 at 08:15:46PM -0800, Keith Reynolds wrote:
> The changes that moved potentially expensive winbind operations into  
> a subprocess had the side effect of preventing idmap backends'  
> get_sid_from_id() entry point from ever being called.  Instead, if a  
> particular UID or GID isn't found in the cache, a call to getpwuid()  
> or getgruid() is made (via winbindd_[ug]id2name_async()), and the  
> resulting user or group name is looked up via  
> winbindd_lookupname_async().
> Centrify's software includes an NSS module that maps AD users to  
> UNIX, and I've written an idmap backend that makes our mapping  
> available to samba.  However, our software allows users and groups to  
> have a UNIX name that is different from their AD name, so the  
> uid2name/lookupname sequence doesn't always work (and could even  
> match the wrong user).  We need our idmap backend to be called to map  
> the ID to the proper SID.
> I have a patch that adds WINBIND_DUAL_UID2SID and  
> WINBIND_DUAL_GID2SID.  Since I haven't seen patches posted to this  
> list, I've put it up at for  
> review.  What's the official method for submitting patches once all  
> the feedback has been addressed?

Actually it's better if you post a proposed patch to samba-technical at
rather than leaving it on a web site. That way the intent of the author
to submit it much clearer. Sounds paranoid but remember, SCO is still
operating.... :-). Remember to use your personal (C) on any changes,
not the corporate one.

You might want to check into the winbindd in HEAD - we've been making
lots of changes here for disconnected operation...


More information about the samba-technical mailing list