[SCM] Samba Shared Repository - branch master updated -
abartlet at samba.org
Mon Feb 16 18:06:17 MST 2009
On Tue, 2009-02-17 at 01:49 +0100, Volker Lendecke wrote:
> On Mon, Feb 16, 2009 at 09:01:23AM -0800, Zachary Loafman wrote:
> > The short answer is no, this can't be solved today without a code
> > change. The customer has an environment where NSS is hitting LDAP/NIS,
> > and they need the token to represent what comes back from NIS. It adds a
> > prohibitive administration cost to require the customer to add a
> > username map parameter for every new user in this environment.
> It's not possible to do that with a cron job or a
> replicating LDAP server?
> > There are other possible code changes, but the way I went seemed the
> > cleanest. I also considered adding some sort of wildcarding into the
> > username map itself, but I think the way I implemented it is fairly
> > straightforward.
> > I do agree that this entire path is too complex.
> Part of this is there for a reason. We have tons of
> scenarios we have to take care of, many of them for
> compatibility. You for sure follow the samba at samba.org
> mailing list, we still get bad complaints that
> security=share works differently than it used to.
> I REALLY don't want to mess with those code paths if there
> are other alternatives around. Can't you hide that in some
> winbind module or so?
We also have a really bad case of option-its. Every option we add is
something we must keep almost forever. Each new option makes big
changes (that we need, like whatever steps we eventually take to make an
AD-like release) really, really difficult.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20090217/5601874f/attachment.bin
More information about the samba-technical