My TODO before RC1

Stefan (metze) Metzmacher metze at
Mon Sep 10 11:02:54 MDT 2012

Am 10.09.2012 14:59, schrieb Andrew Bartlett:
> Metze,
> You asked for my TODO list before (and after, at this rate) RC1 to see
> if others might be able to help.
> It is (in rough order):
>  - Call for last changes to our WHATSNEW
>  - Find out if what (else!) folks need to be in RC1 beyond what is
> already discussed.
>  - Sort out ACLs after classicupgrade.  Essentially I think the issue is
> that the idmap isn't reflexive.  I'm trying to implement the posix ACL
> hash stuff we discussed a couple of months ago. 
>  - have 'waf dist' run source3/ and incorporate the outputs. 
>    - this would be easier if that script would run with builddir !=
> srcdir so we could just point it at a blank directory and collect the
> outputs (but certainly don't have the energy for that). 
>  - Merge the outstanding patches from Christof Schmitt
> <christof.schmitt at>.  
>   - The PAC patch looks good.  However, as has been ovbious over the
> past week, I'm a stickler for testing, and I'm still waiting for the
> tests for the PAC patch.  I prepared the framework in winbind.pac but I
> was leaving this to Chrisof to finish.  
>   - The rfc2307 idmap patch seems like a reasonable idea, except for the
> user/group suffixes (I still dislike them as a concept, even if they are
> required).  However, I again would like some tests - particularly
> because we already have folks complaining that idmap_ad doesn't work,
> and re-using the tests in that configuration could prove that either way
> (idmap_ad is also modified by the patch). 
>  - Do the DNS tests that I promised Kai earlier this evening
>  - Have the WAF and autoconf config.h be identical (enough).  The great
> work by Björn Jacke <bjacke at> to merge and finish my quota
> patches means we are close, with only some waf quota checks to go. 
>  - Run a wintest before doing RC1. 
>  - Look into the patch for ntlm_auth TLS channel binding.  (There is no
> practical way i can do this for RC1, but it's almost a year since the
> patch was posted)
>  - Look into the whole 'map untrusted to domain' saga properly.  Make
> winbind return a special NTSTATUS return if the 'authoriative' flag is
> not set, rather than basing things on the known list of domains.
>  - many other things I can't think of at this time of night.
> I plan RC1 on Wednesday, and I don't have a clone army, so clearly I
> won't get most of this done.  Any assistance would be most welcome.

I've patches which move provision to 'samba-tool domain provision'
and move upgradeprovision to samba_upgradeprovision.

But somehow they fail in the openldap related provision tests...
Any idea?;a=shortlog;h=refs/heads/master4-tmp3


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list