[PATCHES RESEND] idmap_rfc2307 module

Andrew Bartlett abartlet at samba.org
Thu Aug 23 15:20:06 MDT 2012


On Tue, 2012-08-21 at 17:19 -0600, Christof Schmitt wrote:
> Resending the patches since I have not seen any feedback. These
> patches have been rebased to apply on the current master branch.
> 
> The basic idea is to retrieve the id mapping information from RFC2307
> LDAP records. The records can be stored in a stand-alone LDAP server
> or in the ADS LDAP server. Patch 0007 adds a man page that should give
> an overview.
> 
> Feedback? What needs to be done to get this accepted in master?

I'm trying to understand how this fits into the landscape of available
options.  Is it correct to say that:

 - Compared to idmap_ad it stores all the attributes in a single
(possibly but not required to be) AD server even for trusted domains
and
 - Compared to idmap_ldap it does the mapping via the username so the
ldap server doesn't need to have a SID in it
 - Compared to idmap_nss it allows winbindd to be used for nsswitch?

If it fills a need that existing modules don't meet then it seems
reasonable to include it.  I presume you feel it is clearer if this is a
new module with lots of shared code compared to an optional
configuration of idmap_ldap or idmap_ad?

However, we really should test it, as well as at least idmap_ad.  

We have an AD DC in our test environment, so setting up two new samba3
domain members (one for idmap_ad and another for idmap_rfc2307) should
not be difficult at all.  Then we should be able to write a test that
creates some standard mappings and confirms that everything still works
(running it also against the 'dc' environment would also allow its
rfc2307 mode to be tested).

I can assist you with this.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
