[PATCH] s4/provision: don't set idmap_ldb:use-rfc2307 on DC by default
Andrew Bartlett
abartlet at samba.org
Wed Dec 13 17:58:39 UTC 2017
On Wed, 2017-12-13 at 14:26 +0100, Björn Jacke via samba-technical
wrote:
> From a76ff55b09ad981d1948b0c3c8fb0c9b09fc6467 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Bj=C3=B6rn=20Jacke?= <bjacke at samba.org>
> Date: Wed, 13 Dec 2017 14:15:36 +0100
> Subject: [PATCH] s4/provision: don't set idmap_ldb:use-rfc2307 on DC by
> default
>
> The --use-rfc2307 parameter of provision should only trigger the ypServ
> stuff in LDAP but not change idmapping on the DC.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13187
I would rather not change this at this point, until we can do a proper
do-over for idmapping on the AD DC. The current situation sucks, but
we should limit the configurations we have deployed.
In any case, the ypServ stuff in LDAP isn't much use any more, the
admin tools it helped make work are going away.
There are as many (perhaps more) views on IDMAP amoung team members as
there are team members, and I would rather not change this until we can
get something that is a definite improvement.
In that direction: There is no good reason why Samba as an AD DC can't
use the real winbind idmap backends. Naturally there is an upgrade
problem, but if you want to start on this, work out how to make
winbindd use idmap_ad et al and the nss info backends.
Sorry,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list