idmap backend get_sid_from_id() never called (with proposed
patch)
Jeremy Allison
jra at samba.org
Sun Jan 22 01:11:41 GMT 2006
On Fri, Jan 20, 2006 at 08:15:46PM -0800, Keith Reynolds wrote:
> The changes that moved potentially expensive winbind operations into
> a subprocess had the side effect of preventing idmap backends'
> get_sid_from_id() entry point from ever being called. Instead, if a
> particular UID or GID isn't found in the cache, a call to getpwuid()
> or getgruid() is made (via winbindd_[ug]id2name_async()), and the
> resulting user or group name is looked up via
> winbindd_lookupname_async().
>
> Centrify's software includes an NSS module that maps AD users to
> UNIX, and I've written an idmap backend that makes our mapping
> available to samba. However, our software allows users and groups to
> have a UNIX name that is different from their AD name, so the
> uid2name/lookupname sequence doesn't always work (and could even
> match the wrong user). We need our idmap backend to be called to map
> the ID to the proper SID.
>
> I have a patch that adds WINBIND_DUAL_UID2SID and
> WINBIND_DUAL_GID2SID. Since I haven't seen patches posted to this
> list, I've put it up at http://www.keithr.com/patch.idmap.txt for
> review. What's the official method for submitting patches once all
> the feedback has been addressed?
Actually it's better if you post a proposed patch to samba-technical at samba.org
rather than leaving it on a web site. That way the intent of the author
to submit it much clearer. Sounds paranoid but remember, SCO is still
operating.... :-). Remember to use your personal (C) on any changes,
not the corporate one.
You might want to check into the winbindd in HEAD - we've been making
lots of changes here for disconnected operation...
Jeremy.
More information about the samba-technical
mailing list