The Samba-Bugzilla – Bug 12848
s3-testparm: relax overlap check in do_idmap_check()
Last modified: 2017-06-19 12:51:20 UTC
Samba v4.6 (commit 74c2c4647e0a837aaa77d74bb6e892652a10687d) introduced a testparm check for overlapping idmap ranges. There's an exception for AD forests, but limited to the idmap backend ad. While this certainly catches the standard case, there are other valid configurations that attach to an AD forests with other backends. Eg. we use idmap nss with a Unix user db that's separate from (but consistent with) AD. It's similar in spirit to the idmap ad case mentioned above, and therefore it would be nice to still pass the testparm validity check in this setup.
I'm unsure about the best way to achieve this, though:
1.) I could add another exception for the nss backend, just to scratch my itch, but there may be valid setups with other backends as well.
2.) Generally demoting the error to a warning would make it harder to spot actual configuration errors caught by this check.
3.) Adding some form of --i-know-what-im-doing override would do the trick, but seems a bit excessive for just a few corner cases.