From: Gerald Carter on
On 06/28/2010 10:13 AM, simo wrote:

>> There's some confusion here. The idmap_adex() doesn't have
>> anything to do with Likewise Cells. It's just an rfc2307
>> idmap module with support for domain trusts. The comments
>> in the code are misleading only because it was derived from
>> my original code at Likewise.
>>
>> That said, if no one is using it, my suggestion is to remove
>> it on the basis that it is currently unmaintained.
>
> Jerry, are there other modules that would allow us to do one way trust
> while keeping info on AD ?

Hey Simo,

The idmap_adex trust support was for cross-forest transitive
trusts.

You can't do one-way trusts like this anyways (neither does
idmap_adex). The one-way trust support is (was) in winbindd
core code and made use of the rpc SID/Name translation.
You just can't obtain any attribute information from the
wrong side on a one-way trust.




cheers, jerry
--
Director of Engineering http://www.likewise.com/
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Gerald Carter on
(sorry...I keep sending from my work address which is not
subscribed to the lists)

Hey Simo,

On 06/28/2010 10:29 AM, simo wrote:

> Ok, for some reason I thought information was maintained
> on your side of the trust using the cells.

Sort of correct. But these are specific OU cells and not
a forest wide cell. At the risk of digressing into a Likewise
specific thing, an OU cell stores the meta data for objects
in a container inside the OU. So you can add a user or group
across a one-way trust to an OU cell and the UNIX attribute
information is stored inside the OU in *your* domain.
So in this case, you don't send LDAP queries across a one-way
trust. In the RFC2307 forest cell case, the UNIX attribute
information is stored *on* the actual user and group object.

Idmap_adex only supported the RFC2307 forest "cell" since this
was easy to do using the MS "Identity Services for Unix" management
tools.

Make sense?



cheers, jerry
--
Director of Engineering http://www.likewise.com/
From: Volker Lendecke on
On Mon, Jun 28, 2010 at 10:37:28AM -0500, Gerald Carter wrote:
> >Ok, for some reason I thought information was maintained
> >on your side of the trust using the cells.
>
> Sort of correct. But these are specific OU cells and not
> a forest wide cell. At the risk of digressing into a Likewise
> specific thing, an OU cell stores the meta data for objects
> in a container inside the OU. So you can add a user or group
> across a one-way trust to an OU cell and the UNIX attribute
> information is stored inside the OU in *your* domain.
> So in this case, you don't send LDAP queries across a one-way
> trust. In the RFC2307 forest cell case, the UNIX attribute
> information is stored *on* the actual user and group object.
>
> Idmap_adex only supported the RFC2307 forest "cell" since this
> was easy to do using the MS "Identity Services for Unix" management
> tools.
>
> Make sense?

So it is just the naming of structures, routines and so on
that points at the concept of Likewise Cells, nothing in the
code actually references anything specific to those?

Volker
From: Gerald Carter on
On 06/28/2010 10:51 AM, Volker Lendecke wrote:
> On Mon, Jun 28, 2010 at 10:37:28AM -0500, Gerald Carter wrote:

>> Sort of correct. But these are specific OU cells and not
>> a forest wide cell. At the risk of digressing into a Likewise
>> specific thing, an OU cell stores the meta data for objects
>> in a container inside the OU. So you can add a user or group
>> across a one-way trust to an OU cell and the UNIX attribute
>> information is stored inside the OU in *your* domain.
>> So in this case, you don't send LDAP queries across a one-way
>> trust. In the RFC2307 forest cell case, the UNIX attribute
>> information is stored *on* the actual user and group object.
>>
>> Idmap_adex only supported the RFC2307 forest "cell" since this
>> was easy to do using the MS "Identity Services for Unix" management
>> tools.
>>
>> Make sense?
>
> So it is just the naming of structures, routines and so on
> that points at the concept of Likewise Cells, nothing in the
> code actually references anything specific to those?

Correct. I just reused a lot of the Likewise code here.
My intent was originally to minimize change between the
version that we shipped in Likewise Identity 4.x and what
was in Samba and to leverage the Likewise QA team on both
fronts.

I can draw you a diagram on a napkin at Samba XP next year
just for the sake of conversation and maybe explain it better.
:)



cheers, jerry
--
Director of Engineering http://www.likewise.com/
From: Volker Lendecke on
On Mon, Jun 28, 2010 at 11:00:49AM -0500, Gerald Carter wrote:
> Correct. I just reused a lot of the Likewise code here.
> My intent was originally to minimize change between the
> version that we shipped in Likewise Identity 4.x and what
> was in Samba and to leverage the Likewise QA team on both
> fronts.

Ok, the question still remains:

Anybody actually using the module?

How many people do we offend if we remove it?

Volker