Bug 12848 - s3-testparm: relax overlap check in do_idmap_check()
Summary: s3-testparm: relax overlap check in do_idmap_check()
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other (show other bugs)
Version: 4.6.0
Hardware: All All
: P5 minor (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-19 12:51 UTC by Daniel Kobras (dead mail address)
Modified: 2017-06-19 12:51 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Kobras (dead mail address) 2017-06-19 12:51:20 UTC
Samba v4.6 (commit 74c2c4647e0a837aaa77d74bb6e892652a10687d) introduced a testparm check for overlapping idmap ranges. There's an exception for AD forests, but limited to the idmap backend ad. While this certainly catches the standard case, there are other valid configurations that attach to an AD forests with other backends. Eg. we use idmap nss with a Unix user db that's separate from (but consistent with) AD. It's similar in spirit to the idmap ad case mentioned above, and therefore it would be nice to still pass the testparm validity check in this setup.

I'm unsure about the best way to achieve this, though:

1.) I could add another exception for the nss backend, just to scratch my itch, but there may be valid setups with other backends as well.
2.) Generally demoting the error to a warning would make it harder to spot actual configuration errors caught by this check.
3.) Adding some form of --i-know-what-im-doing override would do the trick, but seems a bit excessive for just a few corner cases.

Any thought?