mapping uids of file owners to SIDs for AD users

Sumit Bose sbose at redhat.com
Tue Jan 31 08:58:01 UTC 2017


On Tue, Jan 31, 2017 at 08:06:55AM +0100, Ralph Böhme wrote:
> On Fri, Jan 27, 2017 at 03:08:12PM +0100, Sumit Bose wrote:
> > On Thu, Jan 26, 2017 at 10:15:32PM +0100, Ralph Böhme wrote:
> > > On Thu, Jan 26, 2017 at 12:40:19PM +0100, Sumit Bose wrote:
> > > > On Thu, Jan 26, 2017 at 12:16:55PM +0100, Ralph Böhme wrote:
> > > > > On Thu, Jan 26, 2017 at 11:51:07AM +0100, Björn JACKE wrote:
> > > > > > On 2017-01-25 at 18:49 +0100 Ralph Böhme sent off:
> > > > > > > This looks like it would be very useful and just needs some waf configure and
> > > > > > > build magic to be integrated.
> > > > > > 
> > > > > > I agree, it would be very good to have this upstream (in Samba, where it mainly
> > > > > > belongs).
> > > > > 
> > > > > if no one else does it... currently upgrading my Fedora from 24 to 25 in order to
> > > > > get the needed deps (assuming they are only in 25). As soon as I find the time
> > > > > I'll work out a patch.
> > > > 
> > > > The basic requirement is the libsss_nss_idmap package which contains a
> > > > library with the calls to SSSD and is already available since a couple
> > > > of versions.
> > > > 
> > > > The module in the SSSD tree also uses calls from libsss_idmap to convert
> > > > between different SID representations but they can be replaced by
> > > > suitable calls from a Samba library.
> > > > 
> > > > Please let me know if I can be of any assistance.
> > > 
> > > we need a manpage. Hint, hint... :)
> > 
> > Feel free to reuse the related SSSD man page
> > https://github.com/SSSD/sssd/blob/master/src/man/idmap_sss.8.xml
> 
> oh, nice, thanks for the pointer! :)
> 
> > > <https://git.samba.org/?p=slow/samba.git;a=log;h=refs/heads/idmap_sss>
> > 
> > Thank you, I didn't have a chance to test it yet, but I'm wondering about
> > the name. Having two plugins with the same name might cause some extra
> > effort for distributions and package maintainers.
> 
> I guess there are only two distros affected here and I guess they can work
> around it, can they?

Let's see if Andreas has any comments here?

> 
> > If Samba starts
> > shipping this idmap module I'm fine with deprecating and removing it
> > from SSSD but I guess there will be some time where Samba and SSSD will
> > provide the plugin.
> 
> hm. Otoh, adding it with a different name to Samba will make it look like two
> different modules which will totally confuse our users.

yes, I have to agree

bye,
Sumit

> 
> Cheerio!
> -slow



More information about the samba-technical mailing list