[PATCH] passdb: Increase ABI version to 0.28.0

[Jeremy Allison]

On Tue, Mar 05, 2019 at 08:41:24PM +0200, Alexander Bokovoy wrote:
> On ti, 05 maalis 2019, Jeremy Allison wrote:
> > On Tue, Mar 05, 2019 at 04:48:22PM +0200, Alexander Bokovoy via samba-technical wrote:
> > > 
> > > I'm all for clearing this space but right now I have to struggle with
> > > every change done in Samba around PASSDB interface. Bringing the module
> > > back to Samba would not help either because it becomes useless without
> > > the rest of FreeIPA deployment and cannot be tested as part of
> > > autobuild.
> > > 
> > > I can bring the code to Samba if you really after forcing that. I also
> > 
> > Yes. This is the correct solution. You are in the position of
> > trying to maintain an out-of-tree module. The Linux kernel
> > has shown how much of a bad idea this is.
> > 
> > You need to move it into Samba proper, and commit to maintain
> > it upstream - just like we do with Andreas's xxx_wrapper code.
> > 
> > You should patch *upstream* first, then merge back downstream
> > once you have run local tests.
> > 
> > But Samba isn't part of FreeIPA and we can't commit to maintaining
> > internal API's for you, sorry.

> Let us then aim this for Samba 4.11. There are few changes I need to
> implement first to account to tightening of system-wide crypto policy in
> Fedora which prevents libkrb5 to operate on RC4 encryption types first.

Sure, I'm happy to help you merge this code in for 4.11.

In the meantime, what do you need to help get the code
for bug:

https://bugzilla.samba.org/show_bug.cgi?id=13813

in a state where it works for both Samba and FreeIPA
for the 4.8.x, 4.9.x, 4.10.x releases ?

This is a real bug that can pollute the idmap cache,
causing chaos in 4.8.x and above, so we really do
need this code back-ported in a way that doesn't
break your uses.

Jeremy.