[Samba4][Patch] Implement idmap for winbind (try 2)

Stefan (metze) Metzmacher metze at samba.org
Tue Feb 19 16:25:59 GMT 2008

Kai Blin schrieb:
> Hi folks,
> attached is the new and improved version of the idmap patches.
> The code now uses ldb transactions, stores the lower/upper bounds for the id 
> mapping in the idmap database and uses only calls to ldb functions, not samdb 
> wrappers to ldb functions. It does not depend on sidmap in any way.
> Work left to do:
> - Actually make the idmap trusted only config parameter do anything, in 
> particular sid_to_*id should try and resolve the SIDs if the parameter is 
> true.
> - Replace calls to sidmap with calls to winbind. I will do that next.
> Comments?

In a hurry:-)

1.) idmap_ctx should be long term hanging on struct wbsrv_service
2.) the usage of tmp_ctx is useless as 'state' is already a context
    with the correct scope.
3.) you should first try to do a ldb_search without a transaction
    before the code you currently have:
    - if we find the mapping we do a search and are done
    - if we don't find a mapping we should start a transaction
      and redo the seach to make sure no one else has added it
      in between, then we should create a new mapping.
4.) the if (new_uid != low) logic breaks if
    there's the highwater mark set and the value match the low
    bound, you would end up with two values for the attribute...
5.) please use hwm++; instead of ++hwm;
6.) if you have a line break within a function call, indent the 2nd line
    to the opening '(' and not just one \t.
7.) Doesn't simo proposed that we allocate uids and gids from the same
    range. So that a number is never given away as uid and gid.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20080219/47a8cc49/signature.bin

More information about the samba-technical mailing list