Deprecated but still supported "idmap backend" actually
is broken
Dmitry Butskoy
buc at odusz.so-cdu.ru
Wed Oct 10 19:33:41 GMT 2007
On Wed, 2007-10-10 at 14:04 -0500, Gerald (Jerry) Carter wrote:
>
> > The problem is the idmap domain name at runtime are
> > the string "default domain" instead of the actual doman name,
> > and winbindd cannot find such a "domain" (until I change the doman
> > ame at AD to 'DEFAULT DOMAIN.COM' 8) )
>
> Nope. This should be equivalent (assuming I don't have typos in
> any option names).
>
> idmap domains = FOO
> idmap config FOO:backend = rid
> idmap config FOO:read_only = yes
> idmap config FOO:range = 1000-100000
Yep, should. But not.
If "idmap domains" is empty (and I use "idmap backend" instead), then
nsswitch/idmap.c:idmap_init() does not see the name "FOO" at all. It
just prepare the "rid:FOO=1000-100000" and then:
dom->name = "default domain"
dom->params = "FOO=1000-100000"
than rid's init is called etc...
"FOO" does not go to "dom->name". Then winbindd tries to operate with
wrong name, and since there is no the name "default domain" in the
"domain_list()" at all, it fails.
~buc
More information about the samba-technical
mailing list