svn commit: samba r12293 - in trunk/source/utils: .
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sat Dec 17 10:06:56 GMT 2005
On Sat, Dec 17, 2005 at 10:50:34AM +0100, simo wrote:
> I completely agree with you. The failed attempt of idmap (the part that
> didn't survived) work initially done was to reach most of the objectives
> stated here, convert once and in a central place to avoid mistakes and
> help keeping the core of resolutions as early and as correct as
> possible.
Idmap maybe tried to solve the wrong problem (no offense intended ;-)),
sid2uid/gid is easy once lookup_name/sid can reliably tell you what type of
object we're talking about. Where to look is also easy by looking at the SID.
Is it builtin, our own domain or somewhere else?
> Agreed, the current situation can be enhanced a lot by your proposal,
> better to break a few installations but have a better resolution
> mechanism, that will pay in the long term imho.
Breaking installation is tough I think and needs to be prepared *very* well. I
just thought about an internal flag to lookup_name that indicates to skip the
pdb_getpwnam in the lookup_global_sam_name. We can't break the valid users =
@group case, probably never. But having this "legacy" hack well-encapsulated
might be much better than what we have now.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20051217/510e42c2/attachment.bin
More information about the samba-technical
mailing list