Reintroduce netgroups support?

[Samuel Cabrero]

On Tue, 2022-06-07 at 22:08 +1200, Andrew Bartlett via samba-technical
wrote:
> On Fri, 2022-06-03 at 09:53 -0700, Jeremy Allison via samba-technical
> wrote:
> > On Fri, Jun 03, 2022 at 12:00:16PM +0200, Samuel Cabrero via samba-
> > technical wrote:
> > > Hi,
> > > 
> > > I have received some complains after we dropped netgroups support
> > > in
> > > Samba 4.15.0. Our release notes only mention we dropped NIS but
> > > netgroups went with it.
> > > 
> > > Some people still use netgroups without NIS, stored in LDAP and
> > > made
> > > available to the system through nss_sss, but it is also possible
> > > to
> > > use
> > > /etc/netgroups.
> > > 
> > > I had a look to the removed code and I think it is possible to
> > > reintroduce netgroups support independently from NIS, using the
> > > getdomainname() function from glibc instead of
> > > yp_get_default_domain()
> > > from libnsl.
> > > 
> > > Should we bring back netgroups support?
> > 
> > If you can do it to help a customer without an extra
> > support burdon, then go for it !

Certainly this is the case and the reason of this thread, the complains
come from a SLE customer.

> > 
> > I will help review the code.
> 
> I agree.  It is a hard line to find but I'm sorry we got too
> aggressive
> pulling stuff that folks were using.
> 
> There is still a real use case for Samba that isn't all AD domains,
> no
> matter how much I love them, and a set of administrators who have
> been
> with us for decades now that have Samba working just how they want
> it.
> We removed it because the supporting libraries were going away, but
> looking over the code I see how netgroups could be quite handy,
> exactly
> because they are not unix groups. 

Yes, it looks like some deployments are still using them. I have partly
reverted the patches removing NIS support to bring back only netgroups
and created a bug for the backports.

https://gitlab.com/samba-team/samba/-/merge_requests/2564