Bug 6176 - Windbind -n does not disable idmap cache
Summary: Windbind -n does not disable idmap cache
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.3
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.3.1
Hardware: x86 Linux
: P3 normal
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-09 12:19 UTC by Bryan McLellan
Modified: 2009-03-12 04:24 UTC (History)
0 users

See Also:


Attachments
patch (7.94 KB, patch)
2009-03-09 16:10 UTC, Volker Lendecke
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Bryan McLellan 2009-03-09 12:19:24 UTC
The documentation says that running winbindd with '-n' will 'Disable caching' but this does not apply to the idmap cache.
Comment 1 Volker Lendecke 2009-03-09 16:10:13 UTC
Created attachment 3984 [details]
patch

Is the attached (untested) patch what you have in mind? If yes, I'd check it in.
Comment 2 Bryan McLellan 2009-03-09 16:18:56 UTC
That looks perfect and is exactly what I was thinking of.

I'll note that it took me a minute to realize that opt_nocache is true if '-n' is set as a command line argument, and thus winbindd_use_cache() and winbindd_use_idmap_cache() would return false due to !opt_nocache.
Comment 3 Volker Lendecke 2009-03-09 16:31:01 UTC
Exactly that also confused me. That's why I introduced the (as I believe) more descriptive routines.

Did you actually test that code? Just checking...

Volker
Comment 4 Bryan McLellan 2009-03-09 18:38:17 UTC
I did not at the time, but I have now.

Applied patch against 3.3.1 release and built from source.
./configure --with-ads --with-winbind  --with-shared-modules=idmap_ad
linked /usr/lib/samba/lib/smb.conf to existing /etc/samba/smb.conf
Joined to domain

Ran 'winbindd -i -d10', ran 'wbinfo --uid-info UID' a couple times, checked the log and saw the 'Returning valid cache entry' log.

Ran 'winbindd -i -d10 -n' and ran wbinfo again, no cache in the log and saw the search against ldap.

Works as expected now with patch.
Comment 5 Volker Lendecke 2009-03-12 04:24:33 UTC
Thanks for testing. Pushed.

Volker