[PATCH] New external idmap module

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed May 31 08:13:23 GMT 2006

On Tue, May 30, 2006 at 04:26:27PM -0700, Dave Daugherty wrote:
> I think the two major bones 1) how to write an ID mapper that does not
> violate the GPL,

I don't disagree on this point at all. This is what an
external script that is forked can perfectly well do.

> and 2) whether or not external mappers get to control
> if winbind_idmap.tdb is to be used, which Michael's approach does not
> seem to address.

What I fail to see in this whole thread is the reason why an
existing mapping needs to be changed. You need to change the
ownership of all files as well as all ACL entries in the
file system if you change an existing mapping. You could
play very nasty tricks remotely using remote set_secdesc on
files but this is putting the box into maintenance mode for
a while. The much easier way to do this is to remove the
cache completely and restart the box.

What scenarios do you have in mind that require changing

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060531/5c515b52/attachment.bin

More information about the samba-technical mailing list