Deprecated but still supported "idmap backend"
actually is broken
Dmitry Butskoy
buc at odusz.so-cdu.ru
Wed Oct 10 19:58:10 GMT 2007
On Wed, 2007-10-10 at 14:43 -0500, Gerald (Jerry) Carter wrote:
> >
> > If "idmap domains" is empty (and I use "idmap backend" instead), then
> > nsswitch/idmap.c:idmap_init() does not see the name "FOO" at all. It
> > just prepare the "rid:FOO=1000-100000" and then:
> > dom->name = "default domain"
> > dom->params = "FOO=1000-100000"
> > than rid's init is called etc...
>
> Wait a minute. Maybe I misunderstood you (in the middle
> of several things ATM).
>
> I know you said the the old "rid:DOMAIN=low-high" syntax does
> not work, but I don't understand what you mean by
> "If idmap domains is empty".
The "idmap domains" config parameter just not used at all.
> idmap_rid should only be applied to
> your primary domain.
Yes, "FOO" is my primary domain.
BTW, the syntax "idmap backend = rid:FOO=low-high" I had read somewhere
in 3.0.24 docs (under Fedora Core 5). Hence I considered it as official
thing...
>
> Maybe I'm starting to see the light and should have held that last
> message a bit longer.
Imagine exactly the my case ("idmap backend" present, "idmap domain"
not), and go throw idmap_init() function... Then see what happens when
idmap_rid_id_to_sid() was called in this case...
~buc
More information about the samba-technical
mailing list