[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha6-917-g8e19a28
Zachary Loafman
zachary.loafman at isilon.com
Mon Feb 16 10:01:23 MST 2009
Hey, Volker!
On Mon, Feb 16, 2009 at 01:04:29PM +0100, Volker Lendecke wrote:
> Hi, Tim!
>
> On Mon, Feb 16, 2009 at 02:43:09AM -0600, Tim Prouty wrote:
> > s3 auth: Add parameter that forces every user through an NSS lookup
> >
> > When set to yes, "force username map" forces every user, even AD
> > users, through an NSS lookup. This allows the token to be overridden
> > with information from NSS in certain broken environments.
>
> Can't we solve this in a different way without parameter?
> That whole area is so complex already that I would love to
> not add yet another if-statement. The way I used that
> problem so far is to add every NSS user to the username map,
> this has the same effect.
>
> Can you solve your problem that way too?
The short answer is no, this can't be solved today without a code
change. The customer has an environment where NSS is hitting LDAP/NIS,
and they need the token to represent what comes back from NIS. It adds a
prohibitive administration cost to require the customer to add a
username map parameter for every new user in this environment.
There are other possible code changes, but the way I went seemed the
cleanest. I also considered adding some sort of wildcarding into the
username map itself, but I think the way I implemented it is fairly
straightforward.
I do agree that this entire path is too complex.
--
Zach Loafman | Staff Engineer
Isilon Systems D +1-206-315-7570 F +1-206-315-7485
www.isilon.com P +1-206-315-7500 M +1-206-422-3461
More information about the samba-technical
mailing list