[PATCH] Rework idmap_ad

Andrew Bartlett abartlet at samba.org
Mon Apr 18 05:05:43 UTC 2016


On Thu, 2016-03-31 at 12:18 +0200, Volker Lendecke wrote:
> Hi!
> 
> The attached patchset is supposed to fix a longstanding bug in
> winbind's idmap_ad backend. Assume a configuration where you have sfu
> attributes in a trusted domain. Start winbind and immediately do an
> idmapping call (sid2xid or vice versa). This will fail if winbind did
> not have the chance yet to list the trusted domains from the DC it is
> joined to, the AD_STRUCT based code even in child processes depends on
> the winbindd_domain list to be correctly filled.
> 
> This patchset solves the issue just for the sfu idmap backend,
> hopefully the rest of the winbind code can follow later.
> 
> Comments appreciated!

G'Day Volker,

Regarding tldap, is there any chance that for example struct
tldap_message could wrap struct ldb_message, and the error codes could
be shared with LDB?

This would open up the re-use of the various ldb structure access and
parsing functions we have built up over the years.

I'm not asking that you use the whole ldb module stack - we know the
async elements didn't work out there, just to have the structures
compatible.  I hope that will in future allow greater code re-use, for
example in parsing and searching by extended DNs.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   https://catalyst.net.nz/services/samba