[PATCH] s4/provision: don't set idmap_ldb:use-rfc2307 on DC by default

Björn Jacke bjacke at sernet.de
Thu Dec 14 11:31:46 UTC 2017


On 2017-12-14 at 06:58 +1300 Andrew Bartlett via samba-technical sent off:
> > The --use-rfc2307 parameter of provision should only trigger the ypServ
> > stuff in LDAP but not change idmapping on the DC.
> > 
> > BUG: https://bugzilla.samba.org/show_bug.cgi?id=13187
> 
> I would rather not change this at this point, until we can do a proper
> do-over for idmapping on the AD DC.  The current situation sucks, but
> we should limit the configurations we have deployed.  

The default configuration is idmap ldb on the AD DC and this is the one which
works most stably. rfc2307 is just causing problems. On a DC, which should not
have more than the sysvol share (but this one should work stably!), there is no
point in enabling rfc2307 mappings.

> In any case, the ypServ stuff in LDAP isn't much use any more, the
> admin tools it helped make work are going away. 
> 
> There are as many (perhaps more) views on IDMAP among team members as
> there are team members, and I would rather not change this until we can
> get something that is a definite improvement. 
> 
> In that direction:  There is no good reason why Samba as an AD DC can't
> use the real winbind idmap backends.  Naturally there is an upgrade
> problem, but if you want to start on this, work out how to make
> winbindd use idmap_ad et al and the nss info backends.  

idmap_ad is not the alternative. The point of this patch is to leave our
(stable) default, which is idmap ldb, in place, also for provisioning of systems
where the yp server is enabled in ldap. You said you want to limit the
configurations we have deployed; this is what this patch is doing, too.

As mentioned in the bug report already, the option to enable the ypserver
(--use-rfc2307) is quite fuzzy and misleading, unfortunately.

Björn
-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de


