Why is the 'sss' backend verboten as a default IDMAP backend?
Andreas Schneider
asn at samba.org
Mon Jul 17 15:18:08 UTC 2017
On Saturday, 15 July 2017 00:16:07 CEST Richard Sharpe via samba-technical
wrote:
> On Fri, Jul 14, 2017 at 2:57 PM, Jeremy Allison <jra at samba.org> wrote:
> > On Fri, Jul 14, 2017 at 02:53:21PM -0700, Richard Sharpe via samba-
technical wrote:
> >> Hi folks,
> >>
> >> Just testing 4.7rc3 and ran into this problem:
> >>
> >> ERROR: Do not use the 'sss' backend as the default idmap backend!
> >>
> >> Why is that?
> >
> > git blame on testparm gives:
> >
> > $ git show 3de634d7a04f
> > commit 3de634d7a04f9e1cb8fda9dfb50b3675ab88b4fc
> > Author: Andreas Schneider <asn at samba.org>
> > Date: Wed Dec 7 17:44:25 2016 +0100
> >
> > s3-testparm: Print error if the default backend is incorrect
> >
> > Signed-off-by: Andreas Schneider <asn at samba.org>
> > Reviewed-by: Michael Adam <obnox at samba.org>
> >
> > That should help you look up the patch and discussion
> > on samba-technical archives.
>
> OK, so having read the discussion I guess the issues are:
>
> 1. Does sssd generate collision-free idmaps when the customer has
> multiple domains
> 2. Do we want to live dangerously.
The idmap_sss backend is a 'read-only' backend! Winbind requires a backend
which can allocate IDs as the default backend!
Cheers,
Andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list