[PATCH] Rework idmap_ad
Andrew Bartlett
abartlet at samba.org
Mon Apr 18 05:05:43 UTC 2016
On Thu, 2016-03-31 at 12:18 +0200, Volker Lendecke wrote:
> Hi!
>
> The attached patchset is supposed to fix a longstanding bug in
> winbind's idmap_ad backend. Assume a configuration where you have sfu
> attributes in a trusted domain. Start winbind and immediately do a
> idmapping call (sid2xid or vice versa). This will fail if winbind did
> not have the chance yet to list the trusted domains from the DC it is
> joined to, the AD_STRUCT based code even in child processes depends
> on
> the winbindd_domain list to be correctly filled.
>
> This patchset solves the issue just for the sfu idmap backend,
> hopefully the rest of the winbind code can follow later.
>
> Comments appreciated!
G'Day Volker,
Regarding tldap, is there any chance that for example struct
tldap_message could wrap struct ldb_message, and the error codes could
be shared with LDB?
This would open up the re-use of the various ldb structure access and
parsing functions we have built up over the years.
I'm not asking that you use the whole ldb module stack - we know the
async elements didn't work out there, just to have the structures
compatible. I hope that will in future allow greater code re-use, for
example in parsing and searching by extended DNs.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list