IDMAP Allocator questions
Trever L. Adams
trever.adams at gmail.com
Wed Jul 7 06:54:45 MDT 2010
Hello everyone,
Yesterday I sent a message stating my intent to try and add an allocator
that would work with Samba 4 ADS. I have been digging into the code and
have hit several problems.
I have read that the allocators can't be used on a domain by domain
basis and I have read that they can. I am not sure which is accurate. (I
haven't dug into that code yet.)
Looking at idmap_adex, which is what I would like to extend, it seems
knowing the domain is important. I had decided it would be better to
rewrite the allocator from idmap_ldap, making it work in idmap_adex with
the modification that it will search for a free uid/gid instead of just
exit if we are past the high end of the range. This is slow, but think
of local schools, if you do a similar partition scheme to idmap_hash and
trust between schools, the 100K could run out rather quickly, but could
be recycled.
As I try to wrap my head around idmap_adex it seems domain sid is
important. However, in:
NTSTATUS idmap_allocate_uid( uid_t *uid);
NTSTATUS idmap_allocate_gid( gid_t *gid);
there seems to be no way to get at this information.
With DOM# where # is 1-7 with each trusting the others, I am hoping that
I can do something like the following:
idmap domains = DOM1 DOM2 ...
idmap config LocalDom:default = yes
idmap config LocalDom:backend = idmap_adex
idmap config LocalDom:range = 10000 - 50000
idmap LocalDom alloc backend = imap_adex (as described above)
idmap config ForeignDom:default = yes
idmap config ForeignDom:backend = idmap_adex
idmap config ForeignDom:range = appropriate range
# No allocator for Foreign DOM#
winbind nss info = adex
winbind normalize names = yes
P.S. I am using the git tree samba and
http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBQQFjAA&url=http%3A%2F%2Fwww.samba.org%2F~idra%2Fsamba3_newidmap.pdf&ei=n3Q0TObGN8L58Abx8sy7Aw&usg=AFQjCNFhgpKkU6HxB2PHBKfNVlL6y6_NVg&sig2=44KiJuI8IAuek8tNzzIAbw
as a reference.
--
"The hands that help are better far than the lips that pray." -- Robert
G. Ingersoll
More information about the samba-technical
mailing list