The documentation says that running winbindd with '-n' will 'Disable caching' but this does not apply to the idmap cache.
Created attachment 3984
Is the attached (untested) patch what you have in mind? If yes, I'd check it in.
That looks perfect and is exactly what I was thinking of.
I'll note that it took me a minute to realize that opt_nocache is true if '-n' is set as a command line argument, and thus winbindd_use_cache() and winbindd_use_idmap_cache() would return false due to !opt_nocache.
Exactly that also confused me. That's why I introduced the (as I believe) more descriptive routines.
Did you actually test that code? Just checking...
I did not at the time, but I have now.
Applied patch against 3.3.1 release and built from source.
./configure --with-ads --with-winbind --with-shared-modules=idmap_ad
Linked /usr/lib/samba/lib/smb.conf to existing /etc/samba/smb.conf
Joined to domain
Ran 'winbindd -i -d10', ran 'wbinfo --uid-info UID' a couple times, checked the log and saw the 'Returning valid cache entry' log.
Ran 'winbindd -i -d10 -n' and ran wbinfo again; no cache in the log, and saw the search against LDAP.
Works as expected now with patch.
Thanks for testing. Pushed.