summaryrefslogtreecommitdiff
path: root/source3/nsswitch/idmap.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r20289: IDMAP is part of winbind but not the main process.Simo Sorce1-2/+9
Make sure we route all request to remote DCs via the main process so that IDMAP can correctly reuse DC connections and use the async interface. This fixes also idmap_nss so that it is able to resolve local group names (requires patch on the samba dc earlier committed to SAMBA_3_0 to make it resolve both the mapped and the unmapped name). Simo. (This used to be commit 4297510f22c3fd60afd062e3c5eb142be2122b16)
2007-10-10r20216: Fix fallback code.Simo Sorce1-11/+13
A reversed check made it impossile to fallback to the Unix Domain mapping code. Also fix a potential use of a freed array. Jerry, my tests shows that this code now correctly handle the fallback to Unix Domain when our Domain member is asked for a mapped group that has a unix name different from the Windows name against a Samba DC and we do not use winbindd but share users/groups by other means (ldap / sync of passwd and group files) Immediate Fix would be to discuss if we should answer back when DOMAIN\unixgroup -> SID is asked for, in the case the unixgroup name is mapped to a different name. IE: DOMAIN\Domain Admins -> ntadmins Currently if we are asked for "DOMAIN\Domain Admins" we return the dom admins SID If we are asked for "DOMAIN\ntadmins we return "not found", but we may consider to return the Domain admins SID in this case too. Comments are welcome on this point! Long term fix I think is the unixinfo pipe and of course an idmap_unixinfo moudle. Simo. (This used to be commit 07bdbb4c215461a721f9b608bd375387b96ababb)
2007-10-10r20116: Start merging in the work done to create the new idmap subsystem.Simo Sorce1-0/+1299
Simo. (This used to be commit 50cd8bffeeed2cac755f75fc3d76fe41c451976b)