Deprecated but still supported "idmap backend" actually is broken

simo idra at
Sat Oct 13 15:51:26 GMT 2007

On Fri, 2007-10-12 at 20:48 +0400, Dmitry Butskoy wrote:
> simo wrote:
> >> Maybe the change (from "default domain" to lp_workgroup()) should go to 
> >> the rid code? I.e. in "nsswitch/idmap_rid.c:idmap_rid_initialize()" 
> >> something like:
> >>
> >> if (strequal (dom->name, "default domain")) {
> >>     ctx->domain_name = talloc_strdup( ctx, lp_workgroup() );
> >> } else {
> >>     ctx->domain_name = talloc_strdup( ctx, dom->name );
> >> }
> >>     
> >
> > No I don't like this solution as it put too much knowledge in the
> > modules.
> >
> >   
> I thought that it is actually required for rid backend only...

Actually it is, but this is a modular infrastructure, anyone can build
their own module.

I think the problem in this code is that we assume that dom_list[] can
have special values, but that is not true anymore. The attached patch
fixes this stuff by checking if in the list there is the special
default_domain variable. If it is so it skips the comparison with
lp_workgroup(), re-establishing the previous behavior.
I have to say I don't like this too much, but it is a one liner and it
is easier to make sure this emulates perfectly the previous behavior.

IMO, it would be better to simply drop support for the previous syntax
with this new major version, it would be justified given the version
change and can greatly simplify the code, but I'll leave the decision to


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Senior Software Engineer at Red Hat Inc. <ssorce at>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba3_idmap_nss_when_trusted_only.patch
Type: text/x-patch
Size: 415 bytes
Desc: not available
Url :

More information about the samba-technical mailing list