Deprecated but still supported "idmap backend"
actually is broken
Gerald (Jerry) Carter
jerry at samba.org
Wed Oct 10 19:43:23 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dmitry Butskoy wrote:
> On Wed, 2007-10-10 at 14:04 -0500, Gerald (Jerry) Carter wrote:
>
>>> The problem is the idmap domain name at runtime are
>>> the string "default domain" instead of the actual doman name,
>>> and winbindd cannot find such a "domain" (until I change the doman
>>> ame at AD to 'DEFAULT DOMAIN.COM' 8) )
>> Nope. This should be equivalent (assuming I don't have typos in
>> any option names).
>>
>> idmap domains = FOO
>> idmap config FOO:backend = rid
>> idmap config FOO:read_only = yes
>> idmap config FOO:range = 1000-100000
>
> Yep, should. But not.
>
> If "idmap domains" is empty (and I use "idmap backend" instead), then
> nsswitch/idmap.c:idmap_init() does not see the name "FOO" at all. It
> just prepare the "rid:FOO=1000-100000" and then:
> dom->name = "default domain"
> dom->params = "FOO=1000-100000"
> than rid's init is called etc...
Wait a minute. Maybe I misunderstood you (in the middle
of several things ATM).
I know you said the the old "rid:DOMAIN=low-high" syntax does
not work, but I don't understand what you mean by
"If idmap domains is empty". idmap_rid should only be applied to
your primary domain. What domain are you trying to apply it to?
Maybe I'm starting to see the light and should have held that last
message a bit longer.
jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHDStbIR7qMdg1EfYRAnCGAJ90zW6/cd6ye+H5Rf1Es8hgI1hHSQCg3Ts7
V7UGmTtqtxKTvPC01WCwsXE=
=8lOA
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list