Samba4 idmap using uidNumber/gidNumber
Stefan (metze) Metzmacher
metze at samba.org
Sun Jun 10 15:30:44 MDT 2012
Hi Andrew,
> Attached is a patch that I know you and a number of our users will be
> interested in. This patch makes Samba4 honour the uidNumber/gidNumber
> attributes in the directory, when present.
>
> This is done in a simple manner - we simply search the directory first.
> No attempt at resolving conflicts with the idmap.ldb is done, the
> directory simply wins.
>
> I haven't had a chance to test this yet (just got it to compile), but if
> you wish to test/comment in a non-production environment, it will assist
> us in bringing this important functionality to the Samba 4.0 release.
>
> Beyond this, the next step will be to make the 'samba-tool domain
> samba3upgrade' tool populate these mappings, rather than idmap.ldb.
>
> Michael,
>
> If you have any thoughts or comments on how this is done, please let me
> know. I would have liked to call into idmap_ad directly, but it is tied
> too much into the s3 winbind to use directly, so I've instead just tried
> to make it compatible. The additional behaviour that I can see is that
> there is no idmap range specified (all uidNumber values in the directory
> are accepted) and we fall back to an ldb mapping on failure to find an
> AD mapping.
I think we should not mix this, there needs to be a configuration option
to trigger the new behavior. For ID_MAP_BOTH we should check if the object
has uidNumber and gidNumber on the same object with the same value.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120610/a4fe6b68/attachment.pgp>
More information about the samba-technical
mailing list