DESCRIPTION

From 816b1e9edb9b4ded25c59b4c9ad3bf4f8960ad26 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 15 Feb 2017 08:55:24 +0100 Subject: [PATCH 1/2] docs: Improve the idmap_hash manpage BUG: https://bugzilla.samba.org/show_bug.cgi?id=12582 Signed-off-by: Andreas Schneider Reviewed-by: Michael Adam (cherry picked from commit 5ced307a46674f0d484db0d3201d64e70b44787d) --- docs-xml/manpages/idmap_hash.8.xml | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/docs-xml/manpages/idmap_hash.8.xml b/docs-xml/manpages/idmap_hash.8.xml index 6e876e6b582..9a56519e192 100644 --- a/docs-xml/manpages/idmap_hash.8.xml +++ b/docs-xml/manpages/idmap_hash.8.xml @@ -13,17 +13,35 @@ idmap_hash - Samba's idmap_hash Backend for Winbind + DO NOT USE THIS BACKEND DESCRIPTION - The idmap_hash plugin implements a hashing algorithm used to map + DO NOT USE THIS PLUGIN + + The idmap_hash plugin implements a hashing algorithm used to map SIDs for domain users and groups to 31-bit uids and gids, respectively. This plugin also implements the nss_info API and can be used to support a local name mapping files if enabled via the "winbind normalize names" and "winbind nss info" parameters in smb.conf. + The module divides the range into subranges for each domain that is being + handled by the idmap config. + + The module needs the complete UID and GID range to be able to map all + SIDs. The lowest value for the range should be the smallest ID + available in the system. This is normally 1000. The highest ID should + be set to 2147483647. + + A smaller range will lead to issues because of the hashing algorithm + used. The overall range to map all SIDs is 0 - 2147483647. Any range + smaller than 0 - 2147483647 will filter some SIDs. As we can normally + only start with 1000, we are not able to map 1000 SIDs. This already + can lead to issues. The smaller the range the less SIDs can be mapped. + + We do not recommend to use this plugin. It will be removed in a future + release of Samba. @@ -53,7 +71,7 @@ [global] idmap config * : backend = hash - idmap config * : range = 1000-4000000000 + idmap config * : range = 1000-2147483647 winbind nss info = hash winbind normalize names = yes -- 2.12.0 From dfb3a90f926bbf266597ee1fd7e93ebba354a3f7 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 21 Feb 2017 14:51:08 +0100 Subject: [PATCH 2/2] idmap_hash: Add a deprecation message BUG: https://bugzilla.samba.org/show_bug.cgi?id=12582 Signed-off-by: Andreas Schneider Reviewed-by: Michael Adam Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Fri Mar 3 16:54:34 CET 2017 on sn-devel-144 (cherry picked from commit 1cb99fc6af388843d313e0de48fee17103df806a) --- source3/winbindd/idmap_hash/idmap_hash.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c index 743b0ec4ff8..36cc0f1e354 100644 --- a/source3/winbindd/idmap_hash/idmap_hash.c +++ b/source3/winbindd/idmap_hash/idmap_hash.c @@ -112,6 +112,10 @@ static NTSTATUS idmap_hash_initialize(struct idmap_domain *dom) size_t num_domains = 0; int i; + DBG_ERR("The idmap_hash module is deprecated and should not be used. " + "Please migrate to a different plugin. This module will be " + "removed in a future version of Samba\n"); + if (!strequal(dom->name, "*")) { DBG_ERR("Error: idmap_hash configured for domain '%s'. " "But the hash module can only be used for the default " -- 2.12.0