simo idra at
Thu Jul 17 12:52:20 GMT 2008

On Thu, 2008-07-17 at 14:40 +0200, Volker Lendecke wrote:
> Hi!
> $SUBJECT is an effort to simplify and streamline the idmap
> implementation in winbind.
> Main changes:
> The cache directly uses gencache, so you can watch and
> delete cached mappings with "net cache".
> "idmap domains" is gone, the parent winbind figures out the
> list of trusted domains itself. If it becomes aware of a new
> trusted domain, it looks in smb.conf whether a special
> "idmap config" style configuration is around. If so, then it
> tells the winbind idmap child about that fact in the child
> request.domain_name field. The range parameter in idmap
> config settings is mandatory, the parent winbind uses it to
> direct the unix id to sid mappings correctly.
> The default domain is set via "idmap backend", "idmap config
> foo : default = yes" is gone. It is highly recommended if
> not required that this backend is writable for not specially
> configured unknown trusted domains.
> "idmap alloc backend" defaults to "idmap backend". "idmap
> alloc backend" is only required to set explicitly if you
> have a special unix id source, id mappings will always be
> written to the "idmap backend". "idmap alloc config : range"
> is gone, as this must match the "idmap [ug]id" valid for
> "idmap backend" anyway, we now only use that.
> From my point of view this is upwards compatible with
> pre-3.0.25 configs, post-3.0.25 configs will have to set
> their default domain via "idmap backend".

Please don't check this in until I have a chance to take a look.
I am leaving today for vacation so that may take a while.


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Senior Software Engineer at Red Hat Inc. <ssorce at>

More information about the samba-technical mailing list