Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
This information is Copyright 2010 Sun Microsystems
1. Introduction
1.1. Project/Component Working Name:
idmap flush
1.2. Name of Document Author/Supplier:
Author: Jordan Brown
1.3 Date of This Document:
10 February, 2010
4. Technical Description
idmap flush [-a]
SUMMARY
Add an idmap subcommand to flush idmap's mapping cache.
BACKGROUND
idmap and its companion daemon idmapd are used to map Windows
identities to and from UNIX identities, for use in providing
Windows file sharing client and server services.
For performance and to retain "ephemeral" UNIX IDs assigned to
Windows identities with no matching UNIX identities, idmap
maintains a cache of Windows<->UNIX identity mappings.
There is also an in-kernel mappings cache.
PROBLEM
When you change the idmap configuration - changing options
that affect its processing, changing the rules, changing directory
data that affect processing - the cache is not flushed.
As a result, it can take up to (typically) ten minutes for a
change to take effect.
6650858 cache flush sub-command could be useful
6807651 rule changes do not flush cache
PROPOSAL
Add a new idmap subcommand
idmap flush [-a]
Without -a, this new subcommand will expire any existing cache
entries. This will cause them to be reevaluated the next time
they are referenced, but if the result is the same then the
same ephemeral ID will be assigned.
With -a, the cache will be wiped clean. This allows for
"from scratch" operation, but is potentially disruptive to
file operations that are in process at the time the cache is
wiped, because any existing ephemeral ID mapping is lost and
new ephemeral IDs will be assigned..
Automatically invoke the equivalent of "idmap flush" whenever
an idmap rule is added or removed.
DETAILS
Add the subcommand.
Add a project private libidmap entry point.
Add a project private doors-RPC protocol request to implement flush.
Add a project private option to the sidsys system call to flush
the kernel cache. Failure of this system call (if, for instance,
the updated kernel module has not yet been loaded) is ignored.
ISSUES
idmap flush -a is potentially disruptive to active file operations
and SMB sessions.
DELIVERY VEHICLE
Solaris
RELEASE
Patch
COMMITMENT LEVEL
Uncommitted (like the rest of the idmap command)
REFERENCE DOCUMENTS
PSARC/2007/064 Unified POSIX and Windows Credentials for Solaris
PSARC/2006/315 Winchester: Schema Mapping and ID Mapping for AD
Interoperability
6. Resources and Schedule
6.4. Steering Committee requested information
6.4.1. Consolidation C-team Name:
ON
6.5. ARC review type: FastTrack
6.6. ARC Exposure: open
