samba-technical@lists.samba.org
[Top] [All Lists]

Re: Deprecated but still supported "idmap backend" actually is broken

Subject: Re: Deprecated but still supported "idmap backend" actually is broken
From: "Gerald (Jerry) Carter"
Date: Wed, 10 Oct 2007 14:04:39 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dmitry Butskoy wrote:
> On Wed, 2007-10-10 at 13:00 -0500, Gerald (Jerry) Carter wrote:
> 
>> "idmap backend = rid:FOO=1000-2000
>>
>> This is incorrect syntax since it implies the trusted domain
>> patch which was never officially supported. 
> 
> You have confused me completely :)
> 
> It was correct for 3.0.24, now (3.0.26) the "idmap 
> backend" is deprecated at all. What the "trusted domain
> patch" do you say about?..

Sorry.  I'm working of memory here.  Did you compile Samba
yourself?  Or are you using someone;s packages?

>>   If you just say "idmap backend = rid" it should be ok 
> 
> But how can I specify the range (1000-100000)? IOW what 
> to add to the rid to make the uid (f.e. if rid is, say 513, then
> I want gid to be 1513 etc.)

That's actually what the idmap uid and idmap gid values should
do for you.

> Anyway, I know that "idmap backend" is deprecated and 
> obsoleted now, but ReleaseNotes mentions that it should
> still work as before (for compatibility). But it does not.
> And since people do like SWAT to configure Samba, and SWAT
> seems to not support "idmap config" yet, the old scheme
> should be preserved and should work...

I agree.  No arguements there.

> The problem is the idmap domain name at runtime are 
> the string "default domain" instead of the actual doman name,
> and winbindd cannot find such a "domain" (until I change the doman
> ame at AD to 'DEFAULT DOMAIN.COM' 8) )

Nope.  This should be equivalent (assuming I don't have typos in
any option names).

        idmap domains = FOO
        idmap config FOO:backend = rid
        idmap config FOO:read_only = yes
        idmap config FOO:range = 1000-100000






cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHDSJHIR7qMdg1EfYRAlo5AKDcERE92JeOgGunPx1v+Twt/TemmQCg4DAE
Nwi2Ciz9GxzNevqBOsgvlR4=
=Eaiy
-----END PGP SIGNATURE-----

<Prev in Thread] Current Thread [Next in Thread>