Re: winbind UID, GID assignment

[Mike Gerdts]

On Mon, 2002-05-13 at 16:51, Andrew Bartlett wrote:
 The problem is that we may not be able to resolve the SID at this
 time.   We can't even assume that the DC is even contactable in some
 situtations, let alone that it is alive and responding to requests in a
 timely manner.

Does that mean that the only problem that you have with the approach
used is that it relies upon knowning the domain and user or group name? 
If so, would it make more sense to pass the sid to allocate_id() and the
plug-in would be responsible for allocating a uid/gid based upon that? 
Presumably in my idmap_files plug-in this would mean that the fields
would be sid:id.


Mike

Re: winbind UID, GID assignment

[Mike Gerdts]

On Mon, 2002-05-13 at 07:35, Andrew Bartlett wrote:
 The username and domain may not be known at the time a mapping is
 required.  Thats the easy bit - we might not even know if it is a uid or
 gid!

Have you taken a look at the patch that I created?  If not, please take
a look at http://www.cae.wisc.edu/~gerdts/samba/ and let me know if the
changes to nsswitch/winbindd_idmap.c address the issue of not knowing
whether the SID is a user or group (or other..) SID.

 There is more to this whole mess than meets the eye, but yes, we do need
 to allow an aribtary SID-uid/gid, uid/gid - SID backend system.

Would you be open to following a structure like the VFS uses now?  The
existing functions could go into the default_idmap_ops structure and
plugins could replace any or all of those ops.  I am quite motivated to
provide a patch that does this.

Mike