Deprecated but still supported "idmap backend"
actually is broken
simo
idra at samba.org
Wed Oct 10 20:04:48 GMT 2007
On Wed, 2007-10-10 at 23:58 +0400, Dmitry Butskoy wrote:
> On Wed, 2007-10-10 at 14:43 -0500, Gerald (Jerry) Carter wrote:
>
> > >
> > > If "idmap domains" is empty (and I use "idmap backend" instead), then
> > > nsswitch/idmap.c:idmap_init() does not see the name "FOO" at all. It
> > > just prepare the "rid:FOO=1000-100000" and then:
> > > dom->name = "default domain"
> > > dom->params = "FOO=1000-100000"
> > > than rid's init is called etc...
> >
> > Wait a minute. Maybe I misunderstood you (in the middle
> > of several things ATM).
> >
> > I know you said the the old "rid:DOMAIN=low-high" syntax does
> > not work, but I don't understand what you mean by
> > "If idmap domains is empty".
>
> The "idmap domains" config parameter just not used at all.
>
>
> > idmap_rid should only be applied to
> > your primary domain.
>
> Yes, "FOO" is my primary domain.
>
>
> BTW, the syntax "idmap backend = rid:FOO=low-high" I had read somewhere
> in 3.0.24 docs (under Fedora Core 5). Hence I considered it as official
> thing...
>
>
> >
> > Maybe I'm starting to see the light and should have held that last
> > message a bit longer.
>
> Imagine exactly the my case ("idmap backend" present, "idmap domain"
> not), and go throw idmap_init() function... Then see what happens when
> idmap_rid_id_to_sid() was called in this case...
Got it, working on a patch.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>
More information about the samba-technical
mailing list