samba-technical@lists.samba.org
[Top] [All Lists]

Re: Deprecated but still supported "idmap backend" actually is broken

Subject: Re: Deprecated but still supported "idmap backend" actually is broken
From: Dmitry Butskoy
Date: Wed, 10 Oct 2007 23:33:41 +0400
On Wed, 2007-10-10 at 14:04 -0500, Gerald (Jerry) Carter wrote:

> 
> > The problem is the idmap domain name at runtime are 
> > the string "default domain" instead of the actual doman name,
> > and winbindd cannot find such a "domain" (until I change the doman
> > ame at AD to 'DEFAULT DOMAIN.COM' 8) )
> 
> Nope.  This should be equivalent (assuming I don't have typos in
> any option names).
> 
>       idmap domains = FOO
>       idmap config FOO:backend = rid
>       idmap config FOO:read_only = yes
>       idmap config FOO:range = 1000-100000

Yep, should. But not.

If "idmap domains" is empty (and I use "idmap backend" instead), then
nsswitch/idmap.c:idmap_init() does not see the name "FOO" at all. It
just prepare the "rid:FOO=1000-100000" and then:
dom->name = "default domain"
dom->params = "FOO=1000-100000"
than rid's init is called etc...

"FOO" does not go to "dom->name". Then winbindd tries to operate with
wrong name, and since there is no the name "default domain" in the
"domain_list()" at all, it fails.


~buc


<Prev in Thread] Current Thread [Next in Thread>