[Samba4][Patch] Implement idmap for winbind (try 2)

simo idra at samba.org
Tue Feb 19 20:32:37 GMT 2008


On Tue, 2008-02-19 at 17:38 +0100, Kai Blin wrote:
> The way I understood simo, this was about using the same range for both
> uids and gids, but two pools of numbers. What would be the benefit of only
> using one pool?

This is something that may be debatable, but the point is that if you got
the mapping wrong (i.e. you mapped a sid to a uid but it was really a
group), you may correct it later by just changing the mapping type and
keeping the id.

It also allows us to experiment with some ACL mapping (not done at the
moment) as we may try to use the same uid and gid as user and group
owner of a file in case someone set only one owner SID (only a group for
example). This scheme lets us have an id to set on the ACL without
risking giving out more access than intended.

This is at odds with importing an existing set of mappings so it should
probably be a configuration option.

Also I see you introduced another configuration option in loadparm
(idmap trusted only).
Can you keep it in ldb instead like for the ranges?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>
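
The single-pool argument in the message above, as an added toy model (not part of the original email and not Samba code): it compares retyping a wrongly typed mapping under one shared counter and under two per-type counters. The `IdMap` class, its methods, the range start 10000 and the SIDs are all hypothetical and constructed for illustration.

```python
# Toy model of an idmap allocator; not Samba code. All names are hypothetical.
from itertools import count


class IdMap:
    def __init__(self, low, shared_pool):
        # One counter shared by both types, or one counter per type.
        one = count(low)
        self.next = {"uid": one, "gid": one if shared_pool else count(low)}
        self.by_sid = {}  # sid -> (type, numeric id)

    def allocate(self, sid, id_type):
        self.by_sid[sid] = (id_type, next(self.next[id_type]))
        return self.by_sid[sid][1]

    def holders(self, id_type, xid):
        """SIDs currently mapped to this (type, id) pair."""
        return sorted(s for s, m in self.by_sid.items() if m == (id_type, xid))

    def retype(self, sid, new_type):
        """Correct a wrong mapping type while keeping the numeric id."""
        _, xid = self.by_sid[sid]
        clash = [s for s in self.holders(new_type, xid) if s != sid]
        if clash:
            # Keeping the id would hand this SID another principal's access.
            raise ValueError(f"{new_type} {xid} already belongs to {clash[0]}")
        self.by_sid[sid] = (new_type, xid)
        return xid


def demo(shared_pool):
    m = IdMap(low=10000, shared_pool=shared_pool)
    # Constructed SIDs: ...-1105 is really a group but was mapped as a user.
    m.allocate("S-1-5-21-1-2-3-1105", "uid")
    m.allocate("S-1-5-21-1-2-3-513", "gid")
    try:
        return m.retype("S-1-5-21-1-2-3-1105", "gid")
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    print("one pool: ", demo(True))
    print("two pools:", demo(False))
```

With one pool the numeric id is unique across both types, so the retype keeps it; with two pools the same number has already been handed out as a gid to a different SID.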


