[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha6-917-g8e19a28

Zachary Loafman zachary.loafman at isilon.com
Mon Feb 16 10:01:23 MST 2009

Hey, Volker!

On Mon, Feb 16, 2009 at 01:04:29PM +0100, Volker Lendecke wrote:
> Hi, Tim!
> On Mon, Feb 16, 2009 at 02:43:09AM -0600, Tim Prouty wrote:
> >     s3 auth: Add parameter that forces every user through an NSS lookup
> >     
> >     When set to yes, "force username map" forces every user, even AD
> >     users, through an NSS lookup. This allows the token to be overridden
> >     with information from NSS in certain broken environments.
> Can't we solve this in a different way without parameter?
> That whole area is so complex already that I would love to
> not add yet another if-statement. The way I used that
> problem so far is to add every NSS user to the username map,
> this has the same effect.
> Can you solve your problem that way too?

The short answer is no, this can't be solved today without a code
change. The customer has an environment where NSS is hitting LDAP/NIS,
and they need the token to represent what comes back from NIS. It adds a
prohibitive administration cost to require the customer to add a
username map parameter for every new user in this environment.

There are other possible code changes, but the way I went seemed the
cleanest. I also considered adding some sort of wildcarding into the
username map itself, but I think the way I implemented it is fairly

I do agree that this entire path is too complex.

Zach Loafman | Staff Engineer
Isilon Systems    D +1-206-315-7570    F +1-206-315-7485
www.isilon.com    P +1-206-315-7500    M +1-206-422-3461

More information about the samba-technical mailing list