Deprecated but still supported "idmap backend" actually is broken

Gerald (Jerry) Carter jerry at
Wed Oct 10 19:43:23 GMT 2007

Hash: SHA1

Dmitry Butskoy wrote:
> On Wed, 2007-10-10 at 14:04 -0500, Gerald (Jerry) Carter wrote:
>>> The problem is the idmap domain name at runtime are 
>>> the string "default domain" instead of the actual doman name,
>>> and winbindd cannot find such a "domain" (until I change the doman
>>> ame at AD to 'DEFAULT DOMAIN.COM' 8) )
>> Nope.  This should be equivalent (assuming I don't have typos in
>> any option names).
>> 	idmap domains = FOO
>> 	idmap config FOO:backend = rid
>> 	idmap config FOO:read_only = yes
>> 	idmap config FOO:range = 1000-100000
> Yep, should. But not.
> If "idmap domains" is empty (and I use "idmap backend" instead), then
> nsswitch/idmap.c:idmap_init() does not see the name "FOO" at all. It
> just prepare the "rid:FOO=1000-100000" and then:
> dom->name = "default domain"
> dom->params = "FOO=1000-100000"
> than rid's init is called etc...

Wait a minute.  Maybe I misunderstood you (in the middle
of several things ATM).

I know you said the the old "rid:DOMAIN=low-high" syntax does
not work, but I don't understand what you mean by
"If idmap domains is empty".  idmap_rid should only be applied to
your primary domain.  What domain are you trying to apply it to?

Maybe I'm starting to see the light and should have held that last
message a bit longer.


Samba                                    -------
Centeris                         -----------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list