[PATCHES RESEND] idmap_rfc2307 module

Christian Ambach ambi at samba.org
Tue Sep 18 19:34:36 MDT 2012

On 08/29/2012 02:41 PM, Andrew Bartlett wrote:

> Now, a real-world site trumps theoretical objections, and this module
> has a specialist role in an environment that is more strictly user/group
> delineated, but I wanted to explain my reasoning so you could see if
> there is any other way you could avoid embedding such a delineation
> while finding only the 'right' users.

Think of this module as a pimped version of idmap_ad that has the same 
restrictions, but to make it work with the enhanced concepts of 
sidhistory and groups owning files, SFU (or any other directory storing 
rfc2307 records) would have to be enhanced as well to cope with that 
approach. So long it must be acceptable as inherit restriction that 
using these modules will result in the same restrictions that Samba < 
4.0 always had.

As I couldn't find anything else in the patches I would dislike, I would 
have pushed them now, but they do not apply to master anymore.

Christof, would you please provide an updated patchset?
And please make sure the module gets built by default (as long as the 
prereqs were found during configure time) so we do not accidentally 
break it in the future.


More information about the samba-technical mailing list