Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Jul 17 12:40:48 GMT 2008


$SUBJECT is an effort to simplify and streamline the idmap
implementation in winbind.

Main changes:

The cache directly uses gencache, so you can watch and
delete cached mappings with "net cache".

"idmap domains" is gone, the parent winbind figures out the
list of trusted domains itself. If it becomes aware of a new
trusted domain, it looks in smb.conf whether a special
"idmap config" style configuration is around. If so, then it
tells the winbind idmap child about that fact in the child
request.domain_name field. The range parameter in idmap
config settings is mandatory, the parent winbind uses it to
direct the unix id to sid mappings correctly.

The default domain is set via "idmap backend", "idmap config
foo : default = yes" is gone. It is highly recommended if
not required that this backend is writable for not specially
configured unknown trusted domains.

"idmap alloc backend" defaults to "idmap backend". "idmap
alloc backend" is only required to set explicitly if you
have a special unix id source, id mappings will always be
written to the "idmap backend". "idmap alloc config : range"
is gone, as this must match the "idmap [ug]id" valid for
"idmap backend" anyway, we now only use that.

From my point of view this is upwards compatible with
pre-3.0.25 configs, post-3.0.25 configs will have to set
their default domain via "idmap backend".

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list