On (20/06/16 11:48), Sumit Bose wrote:
>On Mon, Jun 20, 2016 at 11:15:20AM +0200, Lukas Slebodnik wrote:
>> On (13/06/16 15:44), Sumit Bose wrote:
>> >On Wed, Jun 08, 2016 at 07:24:02PM +0200, Lukas Slebodnik wrote:
>> >> On (08/06/16 13:39), Sumit Bose wrote:
>> >> >On Wed, Jun 08, 2016 at 10:50:00AM +0200, Jakub Hrozek wrote:
>> >> >> On Tue, May 10, 2016 at 11:10:05AM +0200, Sumit Bose wrote:
>> >> >> > Hi,
>> >> >> >
>> >> >> > this patch adds a new plugin similar to the one for the cifs-utils
>> >> >> > which
>> >> >> > allows winbind to use the same id-mapping as SSSD.
>> >> >> >
>> >> >> > Currently I only added it to the dlopen test because I think it
>> >> >> > would be
>> >> >> > best to test it directly when Samba becomes available in the CI.
>> >> >> >
>> >> >> > bye,
>> >> >> > Sumit
>> >> >>
>> >> >> > From b16a64ccf236718a877ab83de1949ab1a8091187 Mon Sep 17 00:00:00
>> >> >> > 2001
>> >> >> > From: Sumit Bose <sb...@redhat.com>
>> >> >> > Date: Tue, 19 Apr 2016 13:52:59 +0200
>> >> >> > Subject: [PATCH] Add winbind idmap plugin
>> >> >> >
>> >> >> > With this plugin winbind can use the same id-mapping as SSSD which
>> >> >> > makes
>> >> >> > it possible to run both together in a consistent way.
>> >> >>
>> >> >> [...]
>> >> >>
>> >> >> > @@ -3710,6 +3757,7 @@ install-data-hook:
>> >> >> > if [ ! $(krb5rcachedir) = "__LIBKRB5_DEFAULTS__" ]; then \
>> >> >> > $(MKDIR_P) $(DESTDIR)/$(krb5rcachedir) ; \
>> >> >> > fi
>> >> >> > + mv $(DESTDIR)/$(winbindplugindir)/winbind_idmap_sss.so
>> >> >> > $(DESTDIR)/$(winbindplugindir)/sss.so
>> >> >>
>> >> >> You also need to do the same for the uninstall hook otherwise distcheck
>> >> >> fails.
>> >> >
>> >> >fixed
>> >> >
>> >> >>
>> >> >> >
>> >> >> > uninstall-hook:
>> >> >> > if [ -f $(abs_builddir)/src/config/.files2 ]; then \
>> >> >> > diff --git a/configure.ac b/configure.ac
>> >> >> > index
>> >> >> > b4ba366d7a32a45879e9f2e9b6e84256a3ac7235..11d3f9c7333ba814cef54651cbc8e78c610b64e9
>> >> >> > 100644
>> >> >> > --- a/configure.ac
>> >> >> > +++ b/configure.ac
>> >> >> > @@ -126,6 +126,7 @@ WITH_KRB5_CONF
>> >> >> > WITH_PYTHON2_BINDINGS
>> >> >> > WITH_PYTHON3_BINDINGS
>> >> >> > WITH_CIFS_PLUGIN_PATH
>> >> >> > +WITH_WINBIND_PLUGIN_PATH
>> >> >> > WITH_SELINUX
>> >> >> > WITH_NSCD
>> >> >> > WITH_IPA_GETKEYTAB
>> >> >> > diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
>> >> >> > index
>> >> >> > 2ba6a4d4c919a0697b18c4293f5e33e12b996cac..63d4b28d886259bf7f7f3ea2a6f49a43da00c249
>> >> >> > 100644
>> >> >> > --- a/contrib/sssd.spec.in
>> >> >> > +++ b/contrib/sssd.spec.in
>> >> >> > @@ -1002,6 +1002,7 @@ done
>> >> >> > %dir %{_libdir}/%{name}
>> >> >> > %dir %{_libdir}/%{name}/modules
>> >> >> > %{_libdir}/%{name}/modules/libwbclient.so.*
>> >> >> > +%{_libdir}/samba/idmap/sss.so
>> >> >>
>> >> >> On a machine that doesn't have winbind installed, the
>> >> >> libdir/samba/idmapdir would be unowned, sssd needs to own them in the
>> >> >> same way it owns %{_libdir}/cifs-utils.
>> >> >
>> >> >fixed, I moved the plugin into the sssd-ad package as well. The
>> >> >libwbclient package does not seem to be the right place because the
>> >> >idmap plugin implies that winbind running while SSSD's libwbclient
>> >> >implementation implies to opposite.
>> >> >
>> >> If I understand it correctly this plugin will be used by winbind.
>> >> therefore it might be better to create separate sub-package for this file.
>> >>
>> >> Because in container world you will need to install sssd-ad if you want
>> >> to use this plugin in "winbind container". It seems to be a overkill.
>> >>
>> >> "winbind container" will need to just this plugin + dependencies
>> >> + bind mounted unix sockets for communication libsss_*idmap.so and sssd
>> >> daemon.
>> >
>> >Makes sense. I put the plugin into a new package and to not make it feel
>> >lonely I added a man page as well.
>> >
>> LGTM.
>>
>> BTW we can add Requires/Recommends into pacakge sssd-ad for this sub-pacakge.
>> So it will be installed by default.
>
>I think this is not needed. It is only needed for samba, not on an
>general AD client. And even with samba people might want to select
>between the idmap plugin and SSSD's libwbclient implementation.
>
OK,
ACK
LS
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
