Deprecated but still supported "idmap backend" actually is broken

Dmitry Butskoy buc at
Wed Oct 10 19:33:41 GMT 2007

On Wed, 2007-10-10 at 14:04 -0500, Gerald (Jerry) Carter wrote:

> > The problem is the idmap domain name at runtime are 
> > the string "default domain" instead of the actual doman name,
> > and winbindd cannot find such a "domain" (until I change the doman
> > ame at AD to 'DEFAULT DOMAIN.COM' 8) )
> Nope.  This should be equivalent (assuming I don't have typos in
> any option names).
> 	idmap domains = FOO
> 	idmap config FOO:backend = rid
> 	idmap config FOO:read_only = yes
> 	idmap config FOO:range = 1000-100000

Yep, should. But not.

If "idmap domains" is empty (and I use "idmap backend" instead), then
nsswitch/idmap.c:idmap_init() does not see the name "FOO" at all. It
just prepare the "rid:FOO=1000-100000" and then:
dom->name = "default domain"
dom->params = "FOO=1000-100000"
than rid's init is called etc...

"FOO" does not go to "dom->name". Then winbindd tries to operate with
wrong name, and since there is no the name "default domain" in the
"domain_list()" at all, it fails.


More information about the samba-technical mailing list