Bug 12848 - s3-testparm: relax overlap check in do_idmap_check()
s3-testparm: relax overlap check in do_idmap_check()
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
4.6.0
All All
: P5 minor
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-19 12:51 UTC by Daniel Kobras
Modified: 2017-06-19 12:51 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Kobras 2017-06-19 12:51:20 UTC
Samba v4.6 (commit 74c2c4647e0a837aaa77d74bb6e892652a10687d) introduced a testparm check for overlapping idmap ranges. There's an exception for AD forests, but limited to the idmap backend ad. While this certainly catches the standard case, there are other valid configurations that attach to an AD forests with other backends. Eg. we use idmap nss with a Unix user db that's separate from (but consistent with) AD. It's similar in spirit to the idmap ad case mentioned above, and therefore it would be nice to still pass the testparm validity check in this setup.

I'm unsure about the best way to achieve this, though:

1.) I could add another exception for the nss backend, just to scratch my itch, but there may be valid setups with other backends as well.
2.) Generally demoting the error to a warning would make it harder to spot actual configuration errors caught by this check.
3.) Adding some form of --i-know-what-im-doing override would do the trick, but seems a bit excessive for just a few corner cases.

Any thought?