change idmap in the same way as passdb
Andrew Bartlett
abartlet at samba.org
Thu Dec 18 14:56:17 MST 2014
On Thu, 2014-12-18 at 22:18 +0100, Stefan (metze) Metzmacher wrote:
> Am 18.12.2014 um 22:07 schrieb Andrew Bartlett:
> > On Thu, 2014-12-18 at 20:27 +0100, Stefan (metze) Metzmacher wrote:
> >> Am 18.12.2014 um 10:38 schrieb Andrew Bartlett:
> >>> On Thu, 2014-12-18 at 21:23 +1300, Andrew Bartlett wrote:
> >>>> On Thu, 2014-12-18 at 09:13 +0100, Stefan (metze) Metzmacher wrote:
> >>>>> Am 18.12.2014 um 08:52 schrieb Andrew Bartlett:
> >>>>>> Metze,
> >>>>>>
> >>>>>> Now we have successfully changed the pdb library, I propose we do the
> >>>>>> same with idmap. On a solaris-like system a while back, I found our
> >>>>>> internal and private idmap clashing with the system idmap (for NFSv4).
> >>>>>> The same grouping library trick should be enough to avoid this issue as
> >>>>>> well. I'll try and prepare a patch tomorrow if I'm not totally swamped
> >>>>>> in the rush before Christmas.
> >>>>>
> >>>>> Ok, do we already have a bug report for this?
> >>>>>
> >>>>> metze
> >>>>
> >>>> This looks like it:
> >>>>
> >>>> https://bugzilla.samba.org/show_bug.cgi?id=10112
> >>>
> >>> Metze,
> >>>
> >>> You suggested on private IRC that we find a generic solution in the
> >>> PRIVATE_NAME wafsamba function. I attach my attempt at that.
> >>>
> >>> Sadly at least on my test here, it didn't help. Let me know if you
> >>> figure it out, otherwise we may have to ad-hoc idmap at least for now.
> >>
> >> This patch seems to work.
> >
> > It looks like it relies on a patch I don't have, as it only applies with
> > fuzz.
>
> See the [PATCHES] fix soname of linux nss_*.so.2 modules thread...
>
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-forest
> also has the patches.

If you can get me a branch with what exactly you want reviewed as early
as possible tomorrow your time, I'll try and find time this evening.

Some small notes:
 - In the new trusted domain cli_credentials code, you don't need a new
   lp_ctx, use the one on the dsdb private state pointer.
 - The RODC already checks locally first, and falls back to a remote
   NETLOGON call if we get NOT_IMPLEMENTED as the reply, so the TODO isn't
   required
 - How can we test all this? We really need to start a 2nd forest in
   make test.

BTW, if you get all this going, subdomains are not far off either - most
of the problems are exactly the same.

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba