[Samba] tdb2 idmap script issue

Orlando Richards orlando.richards at ed.ac.uk
Wed Feb 13 09:31:43 MST 2013

Hi folks,

In our happy adventures in ID mapping between windows and Unix, I've 
come across an odd issue with the idmap : script mapping method when 
using tdb2.

Basically - my idmap script behaves like this:

#idmap.sh IDTOSID GID 123456

as one would hope, and as per the requirements in the idmap_tdb2 man 
page. Similarly, it'll return UID:123545 or GID:1234356 in response to 
SIDTOID S-blah-blah-blah

This all works well when calling the script directly, but when running 
it through winbind I was getting:

# wbinfo -G 12345
Could not convert gid 12345 to sid

despite the fact that this would return fine:

# idmap.sh IDTOSID 12345

However, going the other way would always work fine (SIDTOID).

(To be clear - I was flushing the cache and deleting the relevant 
entries from the tdb's between lookups.)

In a flash of inspiration, I changed the "echo SID:$SID" line in my 
idmap to be "printf SID:$SID" so that it didn't give a newline in the 
response, and, lo and behold, it magically started working fine!

Note that the SIDTOID calls still use "echo GID:$GID", and not printf, 
and work fine.

So - a quick patch to the example "idmap-nis.sh" script might act as a 
quick workaround:

--- examples/scripts/idmap/idmap_nis.sh.orig	2013-02-13 
16:27:07.253852132 +0000
+++ examples/scripts/idmap/idmap_nis.sh	2013-02-13 16:27:18.633913917 +0000
@@ -108,7 +108,7 @@
  	    echo "ERR: name $name not found in ADS"
  	    exit 1
-	echo "SID:$sid"
+	printf "SID:$sid"
  	echo "ERR: Unknown command $cmd"

but I'm afraid my efforts to dig into the source3/winbindd/idmap_tdb2.c 
code came up against my non-coder impenetrable barrier of fail!

Hope this helps someone - let me know if you think I should do anything 
further with this (like submitting a bug).


The University of Edinburgh is a charitable body, registered in 
Scotland, with registration number SC005336.

More information about the samba mailing list